Re: Run IIS in a domain user context
From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 06/05/04
- Next message: Mark Darbyshire: "Re: Run IIS in a domain user context"
- Previous message: Mark Darbyshire: "Re: TGFIX"
- In reply to: Mark Darbyshire: "Re: Run IIS in a domain user context"
- Next in thread: Mark Darbyshire: "Re: Run IIS in a domain user context"
- Reply: Mark Darbyshire: "Re: Run IIS in a domain user context"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 5 Jun 2004 20:55:02 +1000
Hi,
Is this ASP.NET? If so then on IIS v5 either change the <processModel>
section of machine.config -or- set <identity impersonate="true"> in
web.config. If you set impersonate=true you either need to supply a domain
user's credentials -or- use the IIS anonymous user account (which you would
need to change to a domain account)
If this is IIS 6.0, you need to change the identity of the Web Application
Pool that is hosting the application.
You *do not* change the logon identity of any of the IIS services. Running
any of these services as something other than localsystem is not supported
(and you will need to make changes to your system's security policies to get
it to work).Neiither ASP.NET nor IIS uses LocalSystem for accessing remote
resources. That's determined by the identity that ASP.NET or IIS is
impersonating for the request in question.
Cheers
Ken
"Mark Darbyshire" <NO_SPAM_m_darbyshire@hotmail.com> wrote in message
news:eXcCiMtSEHA.3016@tk2msftngp13.phx.gbl...
: I'm checking services on remote machines so I can present a service status
: via a web frontend.
:
: Basically, I'm using the System.ServiceProcess() collection - connecting
to
: the local machine it's ok but a remote system fails with authentication
: problems. When I say local machine I mean the server that is hosting IIS
and
: not the connected client.
:
: I assume the Authentication fail is simply because the page is running
: server side in the context of LocalSystem which I assume the web service
is
: running in.
:
: Basically if I change the web service on the server to run in a domain
user
: context and give that domain user the right's to the other 3 servers I
want
: to monitor then this should work - am I right? Assuming so then which
: service should I change the logon context of? Or is there a far batter
way
: that I'm missing?
:
: Hope this explains more,
:
: Thanks,
:
: Mark
:
: "Jeff Cochran" <jcochran.nospam@naplesgov.com> wrote in message
: news:40d3f5f9.10659006@msnews.microsoft.com...
: > On Fri, 4 Jun 2004 22:49:25 +0100, "Mark Darbyshire"
: > <NO_SPAM_m_darbyshire@hotmail.com> wrote:
: >
: >>Anyone know what I have to change to run IIS on W2k server in a domain
: >>user
: >>context - I basically want to create code that can access various
machines
: >>and therefore I think a domain context is the right thing to do - might
be
: >>wrong ????
: >
: > I would say wrong, but to answer your question, take a look at:
: >
: > http://support.microsoft.com/default.aspx?scid=kb;en-us;300432
: >
: > Code can access other systems without having to run IIS as a domain
: > account. But you don't mention what code, how or why so there's no
: > advice to pass on for this.
: >
: > Jeff
:
:
- Next message: Mark Darbyshire: "Re: Run IIS in a domain user context"
- Previous message: Mark Darbyshire: "Re: TGFIX"
- In reply to: Mark Darbyshire: "Re: Run IIS in a domain user context"
- Next in thread: Mark Darbyshire: "Re: Run IIS in a domain user context"
- Reply: Mark Darbyshire: "Re: Run IIS in a domain user context"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
