Re: IIS6 + ISAPI Filter + Application Pool Identity problem

From: LF (lf_at_nospam.nospam)
Date: 01/21/05

  • Next message: LF: "Re: IIS6 + ISAPI Filter + Application Pool Identity problem" 
    Date: Thu, 20 Jan 2005 23:42:39 -0500

    It is definitely a member of IIS_WPG. But even if it doesn't have permission
    to write to Event log, I'm writing to a file and its folder has Everyone
    with FullControl. And it does output to file when running under Network
    Service account. I see in the event log Success events for Login event of
    the User account I specified, then Login event for machine account and
    that's all. ISAPI is not loaded. I was mistaken before. There is no green
    arrow next to the ISAPI filter when running under User account. And yet
    there are no Failure events in the Event log. We created new DC and new
    Win2k3 machine. Works fine with regular User account and required privileges
    for IIS Application pool identity.

    But still, it would be nice to know how machine could get to that failed
    state. I even un-joined that computer from domain. Still same behavior. No
    ISAPI is loaded.

    ""WenJun Zhang[msft]"" <v-wzhang@online.microsoft.com> wrote in message
    news:UtIgT$p$EHA.768@cpmsftngxa10.phx.gbl...
    > Hi,
    >
    > If Network Service and Administartor accounts worked but normal local
    > or domain users not, please add the user to IIS_WPG group to test.
    > And the following article contains the comprehensive permissions
    > granted to Network Service(it's also a member of IIS_WPG).
    >
    > Default permissions and user rights for IIS 6.0
    > http://support.microsoft.com/?id=812614
    >
    > Another thought is, can you guarantee the user account has privilege
    > to write event log?
    >
    > Event Logging Security
    > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug
    > /base/event_logging_security.asp
    >
    > Thanks.
    >
    > Best regards,
    >
    > WenJun Zhang
    > Microsoft Online Support
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
    > Get Secure! - www.microsoft.com/security
    >

  • Next message: LF: "Re: IIS6 + ISAPI Filter + Application Pool Identity problem"

    Relevant Pages

    • Re: ACL Permissions
      ... is denied access normally to the local administrators group to see what ... has deny permissions applied somewhere along the line. ... the user is a member of is not. ... >> for the regular user account. ...
      (microsoft.public.windows.server.networking)
    • Re: ACL Permissions
      ... is denied access normally to the local administrators group to see what ... has deny permissions applied somewhere along the line. ... the user is a member of is not. ... >> for the regular user account. ...
      (microsoft.public.windows.server.security)
    • Re: ACL Permissions
      ... is denied access normally to the local administrators group to see what ... has deny permissions applied somewhere along the line. ... the user is a member of is not. ... >> for the regular user account. ...
      (microsoft.public.windows.server.general)
    • Re: Event Log
      ... >> I was wondering what permissions I need to give to the identity my ... >> Currently, I'm unable to do so, however, if I make the account a member ... >> the admin group then I'm able to write to the event log. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: IIS6 + ISAPI Filter + Application Pool Identity problem
      ... AppPool is not marked as disabled. ... to write to Event log, I'm writing to a file and its folder has Everyone ... arrow next to the ISAPI filter when running under User account. ...
      (microsoft.public.inetserver.iis.security)