Re: Why rename the IUSR account?
From: Ben (Ben_at_nospam.example.com)
Date: 05/03/05
- Next message: Paul Haigh: "Re: Client Permissions required for Integrated Authentication?"
- Previous message: Tom Kaminski [MVP]: "Re: Client Permissions required for Integrated Authentication?"
- In reply to: Tom Kaminski [MVP]: "Re: Why rename the IUSR account?"
- Next in thread: Tom Kaminski [MVP]: "Re: Why rename the IUSR account?"
- Reply: Tom Kaminski [MVP]: "Re: Why rename the IUSR account?"
Date: Tue, 3 May 2005 16:25:08 +0200
But, if the IUSR account has access _only_ to content that is publicly
available to anonymous users (now, that is another question if the IUSR
account is properly configured), it would not harm to not rename it, would
it? I mean, if all the content is already available for everyone, there
would be no reason to "hack" the account, because you will not gain access
to any additional resources. (But of course a "hacked" account is never
good.)
Would it be better to disable the original IUSR account and create a new one
(with least privileges; I'm trying to find a list of necessary permissions
for the IUSR account to work)? As mentioned in the IIS Insider article.
(This is on an IIS 6.0 server.)
Thanks!
"Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message
news:udoF8i%23TFHA.2820@tk2msftngp13.phx.gbl...
> "Ben" <Ben@nospam.example.com> wrote in message
> news:eLCjfY%23TFHA.3280@TK2MSFTNGP09.phx.gbl...
>> Some articles/papers seem to recommend you to rename the IUSR account
>> (for added security). I can however not find any reason why you need to
>> do it (but I can see the reason why you should rename the Administrator
>> account).
>>
>> Can anyone tell me why it would be good to rename the IUSR account?
>
> It's just another layer of security. If someone can guess the IUSR name
> and password and you have elevated permissions for the account then
> someone can take advantage of that. As with any security measure, you
> have to decide how relevant it is in your specific environment.
>
> --
> Tom Kaminski IIS MVP
> http://www.microsoft.com/windowsserver2003/community/centers/iis/
> http://mvp.support.microsoft.com/
> http://www.iistoolshed.com/ - tools, scripts, and utilities for running
> IIS
>