RE: Internet Explorer zones do not have secure settings for some users

Hi Jason,

From your description, the Baseline Analyzer is reporting warning against
the machine\ASPNET account since its internet zone setting doesn't fit the
expected level. I haven't used the baseline tool much, have you checked to
see whether the analyzer has any account specific customization options to
control such validation?

Based on my understanding, machine\ASPNET is a non-interactive local
account. It is the default ASP.NET process account for IIS5. For WINDOWS
2K3 IIS6, the default service account should be "Network Service" unless
you configure IIS6 to run as IIS5 compatible mode. Is this the case? If
you're not using IIS 5 compaitble mode, MACHINE\ASPNET account is not used
by ASP.NET, you can try disabing it to see whether the warning will be
eliminated.

BTW, do you know whether there has been any parituclar changes on the
server which may have customized the internet zone level of all the
accounts?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
Thread-Topic: Internet Explorer zones do not have secure settings for some
users
thread-index: Acij2WDCPMPR2o4HRvCIc2DJ0P26Sg==
X-WBNR-Posting-Host: 84.233.152.66
From: =?Utf-8?B?SmFzb24=?= <job2@xxxxxxxxxxxxx>
Subject: Internet Explorer zones do not have secure settings for some users
Date: Mon, 21 Apr 2008 10:59:00 -0700

I'm not really sure where this should be posted as this is a Baseline
Security Analyzer question but I'm hoping someone here would have come
across
this.

I'm using MS Baseline Security Analyzer (2.0.6706.0) to check a web app on
Win 2k3 we've developed with .Net but we're getting a Servere Risk with
the
IE Zones for the ASPNET account.

The message is:
Some or all of the user settings for the following zones are below the
recommended level.
User: XXXX\ASPNET
Zone: Internet
Level: High (Custom)
Recommended Level: High

Anyone come across this before? If so, is there a method to close this
issue? I've done a few searches but I can't find anything so if not, has
MS
addressed any concerns this error might raise?

Cheers for any answers you can provide,

Jason.


.

Relevant Pages

  • Re: They can break ZoneAlarm easily !
    ... then there are other settings blocking the packets. ... is a bug in the firewall software or a vulnerability in the operating system ... Set up your Internet connection IP address in a high security zone on ... settings of ZAPro for your internet zone ...
    (comp.security.firewalls)
  • Re: using group policy to block installation of spyware/adware
    ... Content Zone security settings, such as high for the internet zone and then ...
    (microsoft.public.security)
  • Re: ZoneAlarm Firewall NOT Working ?
    ... >>> I have my Internet Zone and Trusted Zone both set on Medium so that my ... > I too can only run ZA in Medium settings. ... I have 2 PC's using ICS. ... ICS Share adaptor IP address of my ISP also in the Internet zone ...
    (comp.security.firewalls)
  • Re: Zone Alarm question
    ... Alarm that the answer will be easy for you. ... settings do I set up in Zone Alarm. ... moving the Internet Zone Security slider to HIGH. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Zone Alarm question
    ... Alarm that the answer will be easy for you. ... settings do I set up in Zone Alarm. ... moving the Internet Zone Security slider to HIGH. ...
    (microsoft.public.windowsxp.help_and_support)