Re: Prevent access to advapi32.dll RevertToSelf()

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 09/28/05

• Next message: Stefan Hoffmann: "ASP.Net 1.1 cookieless session security issue?"
• Previous message: Dominick Baier [DevelopMentor]: "RE: Using WMI to grant permissions to new users on folder.."
• In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Prevent access to advapi32.dll RevertToSelf()"
• Next in thread: kevin.kenny_at_zygonia.net: "Re: Prevent access to advapi32.dll RevertToSelf()"
• Reply: kevin.kenny_at_zygonia.net: "Re: Prevent access to advapi32.dll RevertToSelf()"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 27 Sep 2005 23:36:50 -0700

Hello Joe,

sorry, i can only quote myself this time...: "auto impersonation is the spawn
of evil"

if you use autoimp to isolate web apps, upgrade to IIS6 and use application
pools
if you use autoimp for impersonation, do it programmatically only where you
need it.

otherwise this will cause headaches sooner or later.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> In addition to what Dominick said, under 2003, I suggest running each
> app in its own AppPool, setting the process identity to the identity
> you want to use and disabling impersonation via web.config. Then, it
> is a non-issue.
>
> Joe K.
>
> <kevin.kenny@zygonia.net> wrote in message
> news:1127826645.382804.14450@g43g2000cwa.googlegroups.com...
>
>> Sorry I should also have said windows 2003 server as well.
>>
>> Kevin
>>

• Next message: Stefan Hoffmann: "ASP.Net 1.1 cookieless session security issue?"
• Previous message: Dominick Baier [DevelopMentor]: "RE: Using WMI to grant permissions to new users on folder.."
• In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Prevent access to advapi32.dll RevertToSelf()"
• Next in thread: kevin.kenny_at_zygonia.net: "Re: Prevent access to advapi32.dll RevertToSelf()"
• Reply: kevin.kenny_at_zygonia.net: "Re: Prevent access to advapi32.dll RevertToSelf()"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Prevent access to advapi32.dll RevertToSelf() ... i can only quote myself this time...: "auto impersonation is the spawn ... if you use autoimp to isolate web apps, upgrade to IIS6 and use application ... > app in its own AppPool, setting the process identity to the identity ... (microsoft.public.dotnet.security) Re: IIS 6 & Server Permisions ... The credentials under which the application pool that ... allows the thread to run as the process identity. ... Normally, IIS runs code using impersonation, where that identity is obtained ... (microsoft.public.inetserver.iis) Re: ASPNET and Impersonation ... > not through any additional configuration using the ... > file (instead of being localized to the single Web Service ... > using Impersonation or changing the process identity, ... (microsoft.public.dotnet.security) Re: ASPNET and Impersonation ... > not through any additional configuration using the ... > file (instead of being localized to the single Web Service ... > using Impersonation or changing the process identity, ... (microsoft.public.dotnet.framework.aspnet.security) Re: ASP_WP - driving me mad!!! ... > server to make your life difficult. ... I see no evidence in the ... > process identity was nor whether you were using impersonation). ... (microsoft.public.inetserver.iis)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint