RE: Best security practices for IIS6/2203

From: Andrew Davis [MS] (adavis_at_online.microsoft.com)
Date: 12/17/03


Date: Wed, 17 Dec 2003 15:16:25 GMT

Hal,

Is there a specific need to run the process identity as IWAM? IIS6 was
designed to run application pools in the context of Network Service for
security reasons, but this identity can be changed to another account if
needed.

Take a look at the "Configuring App Isolation" doc on technet, there is a
section titled "Using Isolation to Secure Applications" that may address
what you're looking for. If not, let me know!
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/plan/appisoa.asp

Here is another link to IIS / Security / Access Control, but I don't see
anything specific to configuring the app pool identities in the context of
security, but found other helpful articles for IIS6:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/standard/sec_acc_accesscontrol.asp

Hope this helps!

This posting is provided "AS IS" with no warranties, and confers no rights.

Thanks!
~Andrew Davis
Microsoft PSS Security

--------------------
| From: hal@nospam.com
| Newsgroups: microsoft.public.inetserver.iis.security
| Subject: Best security practices for IIS6/2203
| Date: Tue, 16 Dec 2003 16:40:07 -0700
| Message-ID: <he5vtvcsq47290lufocvmeo9o7oreid5c6@4ax.com>
|
| I am assisting our web developers in setting up IIS6 on a new 03 box
| and am looking for some whitepapers to best practices for securing an
| Intranet/Internet site. In particular I am looking for something that
| discusses the use of the predefined users IWAM_<server> and
| IUSR_<server> names in regards to anonymous access and launching
| applications among other issues.
|
| Thanks,
|
| Hal
|


