Re: Creating files in a unc shared drive.
From: Alex (alex_dinu_at_adp.com.(nospam))
Date: Wed, 17 Aug 2005 05:21:09 -0700
I'm not sure why my manager doesn't want to enable kerberos delegation in
iis. Running all sites under the user won't be a problem. It's a generic
system user who does have permissions to perform tasks.
"Joe Kaplan (MVP - ADSI)" wrote:
> It means all of the other web sites on the machine will have the worker
> process running as your domain account too. This may or may not be a bad
> thing, depending on what it can do.
> What's the problem with Kerberos delegation? It is probably the best way to
> solve this problem. The other good way is to put the code that does the UNC
> access in a seperate component and set it up in COM+ to run as your domain
> identity. That way only this piece of code has the special privileges. Of
> course, this is more complicated to implement and deploy, but offers more
> Joe K.
> "Alex" <email@example.com.(nospam)> wrote in message
> > This is what we ended up doing, and it seems to work:
> > We set the impersonate="false"
> > We set the user name and password in the <processModel> element to an
> > active
> > directory user
> > We gave the user the proper permissions to the unc share
> > I'm not sure of the reasons, but I've been told to try and get it working
> > without Kerebose\delegation.
> > My only concern is the machine.config changes. I'm not sure how it affects
> > the other web sites we have....