Re: DCOMCnfg permissions for application

• Previous message: Roger Abell [MVP]: "Re: Authentication Problems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 29 Oct 2005 08:59:13 -0700

Looks worrisome to me Allison, but then much depends on the
quality of that component, your trust in those that wrote/provide
it, and its code quality. Also, nature of the IIS box comes into
the picture - are there many authors dynamically changing page
code, or is it a more tightly controlled IIS with "production"
page code staged over. If at will authoring is allowed by many
then you would be granting all of them the ability to start instances
and use this component (Everyone, Interactive and even Iusr_,
Iwam_ if not isolating by different AppPool identities)

"Allison Sutherland" <AllisonSutherland@discussions.microsoft.com> wrote in
message news:BB0F7F6C-5111-4AD6-AF9D-07B1AF4E4F50@microsoft.com...
> Windows 2003 Server, SP1, IIS6
> Primary Web Server.
>
> Special Dashboard Intranet application requires:
> 1. OfficeAutomationuser to be created.
> 2. Dcomcnfg - requires user to be added to Word Document application to
> Default Access Permissions and Default Launch permissions.
>
> DComcnfg - to Configure My Computer to Edit Default Access and Default
> Launch Permissions to add
> System, Administrators, Interactive, Everyone, OfficeAutomation User,
> IUSR_machine account, IWAM_machine account, and ASPNet account.
>
> Should this worry me. None of these DCom permissions are currently set,
> except for System and Administrators and I'm worried that this is
> "unsecuring" the web server.
>
> Do you have any comments about this? Is this opening up too much and
> creating a security concern on the web server?
>
> Thanks very much,

• Previous message: Roger Abell [MVP]: "Re: Authentication Problems"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]