Re: Network service default permissions
- From: "David Wang [Msft]" <someone@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 26 Jul 2006 11:39:01 -0700
Default configuration does not allow Network Service write/create access to
the filesystem, so what you describe is configuration that you or someone
else has customized and hence are responsible for.
"Is this safe to be used" cannot be answered without knowing your security
requirements. Security is never absolute black/white and always relative
shades of grey, so it "depends" on knowing more information.
File ACLs/Permissions and Privileges are two separate but interacting
concepts.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Eric Chaves" <eric.dot.chaves@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23cEboXLsGHA.1876@xxxxxxxxxxxxxxxxxxxxxxx
Hi folks,
I was digging around the default permission for "network service" user
and got myself quite confused. In the servers I've checked the default ACL
permission on any new folder for this user is "Read & Execute", "List
folder contents" and "Read". However when I check the NTFS permissions
through the "Advanced" button I also saw that this user has "Create
Files/Write Data" and "Create Folders/Append Data", which according to
Microsoft's KBs belongs to "Modify" and "Full Control". Is this correct?
As far as I know the network service account should be used to run with
"minor privileges" and thus is recommended to be used for web sites, but
with this set of permissions the network service has a "Write" and
"Execute" permission. Is this safe to be used?
Cheers,
Eric.
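
One way to see which ACEs on a folder carry the two rights discussed in this thread, and whether each one is inherited or was set explicitly on that folder (an added PowerShell example, not part of either poster's message; the function name `Get-WriteAce` and the sample path are assumptions):

```powershell
# Added example, not from the thread. Reports ACEs that allow or deny
# "Create Files/Write Data" or "Create Folders/Append Data" on a folder.
function Get-WriteAce {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # S-1-5-20 is the well-known SID of NETWORK SERVICE. Add the SIDs of
        # any groups you also want reported.
        [string[]] $Sid = @('S-1-5-20')
    )

    $fsr = [System.Security.AccessControl.FileSystemRights]
    # The two special permissions shown in the Advanced dialog
    $specific = [int]($fsr::CreateFiles -bor $fsr::CreateDirectories)
    # Some ACEs (often inherit-only ones) store raw generic bits instead of
    # file-specific ones: GENERIC_WRITE (0x40000000), GENERIC_ALL (0x10000000)
    $generic = 0x40000000 -bor 0x10000000

    $acl = Get-Acl -LiteralPath $Path
    # Ask for SIDs rather than names so the match works on localized systems
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])

    foreach ($ace in $rules) {
        if ($Sid -notcontains $ace.IdentityReference.Value) { continue }
        $mask = [int]$ace.FileSystemRights
        if (($mask -band $specific) -or ($mask -band $generic)) {
            [pscustomobject]@{
                Sid         = $ace.IdentityReference.Value
                Type        = $ace.AccessControlType   # Allow or Deny
                Rights      = $ace.FileSystemRights
                Inherited   = $ace.IsInherited         # False = set on this folder
                AppliesTo   = $ace.InheritanceFlags
                Propagation = $ace.PropagationFlags
            }
        }
    }
}

# Assumed sample path; replace with the folder under review.
Get-WriteAce -Path 'C:\Inetpub\wwwroot' | Format-Table -AutoSize
```

An empty result means no ACE for the listed SIDs carries those rights on that folder; rows with `Inherited` set to `False` were added on the folder itself rather than coming from a parent.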