Re: Re:Re: Accessing a remote IIS server

From: x y (jamescagney90210@excite.com)
Date: 05/09/02

• Next message: KT: "Re: Install SSL certificate requires reboot?"
• Previous message: x y: "Re: webserver hacked"
• In reply to: Rick Villela: "Re:Re: Accessing a remote IIS server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "x y" <jamescagney90210@excite.com>
Date: Thu, 9 May 2002 09:51:56 -0400

"Rick Villela" <rvillela@sbcglobal.net> wrote in message
news:186901c1f6d2$1f95ca80$39ef2ecf@TKMSFTNGXA08...
> that I included in the Guests group. Then I went to the
> master webserver and setup the IIS Out-of-Process Pooled
> component Identiy and used the domain account and
> everything seems to work fine.

Glad to hear it, guess I should have mentioned that too.

> I know that you mentioned using a local account, but I did
> not want to go to each webserver and try to change the
> password or create another account on each machine. This
> way I added the domain account and made the change in the
> master webserver and it can automatically access the rest
> of the webservers. Is there some major security risk doing
> it this way?

Not exactly, just that it requires your web servers to be able to talk to
your domain controllers in some way using Netbios, which is usually a good
thing to block off with an internal firewall for if and when your web server
is hacked into. Also, unless you're careful and explicitly deny that ID
from access to all the other computers and servers on the network, using a
domain account may allow access to more or less every computer and server on
the network. I think it's more secure to grant access only to what is
needed, which would be a local account on the target server or servers and a
fixed password for the account on the web servers that is managed by you,
but it's up to your environment, your particular security requirements and
your comfort level. Domain accounts probably doesn't make your web server
more easily hacked, but if someone does hack in, it may make it easier for
them to hop to other servers on your network.

---

• Next message: KT: "Re: Install SSL certificate requires reboot?"
• Previous message: x y: "Re: webserver hacked"
• In reply to: Rick Villela: "Re:Re: Accessing a remote IIS server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Print migrator 3.1 Scripting Backups ... scheduled tasks?. ... using Print migrator, a *.bat file and scheduled task. ... > servers with over 300 total printer queues. ... > under a backup domain account that has backup operator, ... (microsoft.public.win2000.printing) Remote Access to Event Viewer ... We have a centralize monitoring system within AD. ... Domain Account was added to many servers local groups: ... the remote server cannot retrieve events from Event Viewer of the ... (microsoft.public.win2000.active_directory) Event ID 1219 ... servers, and people can't login with their domain account. ... Sometimes a reboot doesnt help at all. ... (microsoft.public.windows.terminal_services) Domain Issues (Windows 2003) ... servers to this domain and can logon to them with a domain account. ... Some worked fine and I was able to login with domain accounts, ... (microsoft.public.windows.server.setup)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)