RE: Internet Explorer zones do not have secure settings for some u

Thanks for your reply Jason,

How about deleting the user profile of the MACHINE\ASPNET account?

#How to delete a user profile in Windows Server 2003
http://support.microsoft.com/kb/814584

and for ASP.NET 2.0, you can use the aspnet_regiis.exe to regrant the
proper permissions for it.

#ASP.NET IIS Registration Tool (Aspnet_regiis.exe)
http://msdn2.microsoft.com/en-us/library/k6h9cz8h(VS.80).aspx

You can try this to see whether it can help also reset the internet
security zone level to the proper value.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
From: =?Utf-8?B?SmFzb24=?= <job2@xxxxxxxxxxxxx>
References: <8FE53475-5EF1-41AC-AB9C-FE6BC1A72757@xxxxxxxxxxxxx>
<KOhDZNCpIHA.2252@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Internet Explorer zones do not have secure settings for some u
Date: Tue, 22 Apr 2008 00:50:00 -0700


Thanks for your prompt and thorough reply.

Yes, we are running IIS in v5 compatible mode, so we need to take the time
to get our app running properly with v6. It was the non-interactive local
account that caused us worries. We've corrected our other service
accounts.

Otherwise, the server is a new clean install.

Cheers,

Jason.

"Steven Cheng [MSFT]" wrote:

Hi Jason,

From your description, the Baseline Analyzer is reporting warning
against
the machine\ASPNET account since its internet zone setting doesn't fit
the
expected level. I haven't used the baseline tool much, have you checked
to
see whether the analyzer has any account specific customization options
to
control such validation?

Based on my understanding, machine\ASPNET is a non-interactive local
account. It is the default ASP.NET process account for IIS5. For WINDOWS
2K3 IIS6, the default service account should be "Network Service" unless
you configure IIS6 to run as IIS5 compatible mode. Is this the case? If
you're not using IIS 5 compaitble mode, MACHINE\ASPNET account is not
used
by ASP.NET, you can try disabing it to see whether the warning will be
eliminated.

BTW, do you know whether there has been any parituclar changes on the
server which may have customized the internet zone level of all the
accounts?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments
and
suggestions about how we can improve the support we provide to you.
Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

==================================================
Get notification to my posts through email? Please refer to

http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

==================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.

--------------------
Thread-Topic: Internet Explorer zones do not have secure settings for
some
users
thread-index: Acij2WDCPMPR2o4HRvCIc2DJ0P26Sg==
X-WBNR-Posting-Host: 84.233.152.66
From: =?Utf-8?B?SmFzb24=?= <job2@xxxxxxxxxxxxx>
Subject: Internet Explorer zones do not have secure settings for some
users
Date: Mon, 21 Apr 2008 10:59:00 -0700

I'm not really sure where this should be posted as this is a Baseline
Security Analyzer question but I'm hoping someone here would have come
across
this.

I'm using MS Baseline Security Analyzer (2.0.6706.0) to check a web app
on
Win 2k3 we've developed with .Net but we're getting a Servere Risk with
the
IE Zones for the ASPNET account.

The message is:
Some or all of the user settings for the following zones are below the
recommended level.
User: XXXX\ASPNET
Zone: Internet
Level: High (Custom)
Recommended Level: High

Anyone come across this before? If so, is there a method to close this
issue? I've done a few searches but I can't find anything so if not,
has
MS
addressed any concerns this error might raise?

Cheers for any answers you can provide,

Jason.





.

Relevant Pages

  • Re: 0xc0000022 error
    ... "Syed Zeeshan Haider" wrote: ... Does this happen with an Admin Account?. ... How to Identify a Damaged User Profile and Create a New Profile ... Permissions and see those limited users as they shouldn't have access ...
    (microsoft.public.windowsxp.general)
  • Re: 0xc0000022 error
    ... Does this happen with an Admin Account?. ... How to Identify a Damaged User Profile and Create a New Profile ... "Syed Zeeshan Haider" wrote: ... Permissions and see those limited users as they shouldn't have access ...
    (microsoft.public.windowsxp.general)
  • Re: How to reset winxp client profiles
    ... When I look at the user profiles, there are three 'account unknown' listed, ... with the old local user profile. ... When you reinstall SBS server, ... You do this in http://servername/connectcomputer in client ...
    (microsoft.public.windows.server.sbs)
  • Re: Cant Access Network Resources. Clock Sync errors
    ... I've destroyed the user profile that could not access any network resource. ... client and the server. ... Tried to log into the domain from the problem user account and get the same ... I can use the problem user account on several other Win2000, Win2k3, ...
    (microsoft.public.windows.server.active_directory)
  • RE: NT > SBS account transfer not working!
    ... you do not need to migrate the user profile manually. ... and other partners who read the newsgroups regularly can ... NT> SBS account transfer not working! ... Browse to the C:\Documents and Settings folder, ...
    (microsoft.public.windows.server.sbs)