Re: 2003 Server / Application Pools - Process Isolation / FrontPage Extensions
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 05/22/04
- Previous message: Roger Abell: "Re: Disable the right to logon locally"
- In reply to: someoneelse: "2003 Server / Application Pools - Process Isolation / FrontPage Extensions"
- Next in thread: someoneelse: "Re: 2003 Server / Application Pools - Process Isolation / FrontPage Extensions"
- Reply: someoneelse: "Re: 2003 Server / Application Pools - Process Isolation / FrontPage Extensions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 21 May 2004 22:52:49 -0700
Of the four principals you have mentioned
System is the local system, the highest account
used by the OS itself.
Network is a placeholder representing any account
that has logged on over the network
Interactive is a placeholder representing any account
that has logged on locally
Groups like OWS_bunchofnumnbers_admin are generated
to matches the roles that are in use per web. These can
be shut off with use of the NoMachineGroups reg key in
the Web Server Extensions key but doing so means that you
will be responsible for some permissioning tasks that the
extension would otherwise attempt to accomplish for you.
For specific responses you may wish to try the newsgroup
microsoft.public.sharepoint.windowsservices, or teamservices
in addition to the frontpage.extension group to which you did
post this.
-- Roger Abell Microsoft MVP (Windows Server System: Security) MCSE (W2k3,W2k,Nt4) MCDBA "someoneelse" <iheard@you.com> wrote in message news:uNJN$RqPEHA.640@TK2MSFTNGP12.phx.gbl... > Hi All > > I am wondering about FrontPage extensions and Process Isolation in Windows > 2003 Server. > > I have successfully set up a site and added it to an application pool with a > custom user (for ASPNET). > I also add a custom account for the IUSR process and add only the users I > want to the site's directory via NTFS. > > When I add FrontPage extensions to the site, two things happened that are > the point of my question: > > 1-The site is added to the MSSharePointAppPool (I imagine this is for making > calls to the dll in the bin). > 2-4 users are added to the NTFS permissions in the site dir. > > -INTERACTIVE > -NETWORK > -OWS_bunchofnumnbers_admin > -SYSTEM > > What are the four users for? Can I isolate them? > > Is there any concern about adding the site to another application pool? I > spent a long time learning to isolate it and would hate to mess up my work. > > Does this second application pool only fire for requests to the bin? It > seems to. When I call the site and check my processes, the site is still > running under the account I set for the first pool. > > Are there any links to an msdn article, that offers a further description, > on these four new accounts and what they are used for? > > Thanks for any responses. > >
- Previous message: Roger Abell: "Re: Disable the right to logon locally"
- In reply to: someoneelse: "2003 Server / Application Pools - Process Isolation / FrontPage Extensions"
- Next in thread: someoneelse: "Re: 2003 Server / Application Pools - Process Isolation / FrontPage Extensions"
- Reply: someoneelse: "Re: 2003 Server / Application Pools - Process Isolation / FrontPage Extensions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
