« Previous Next »

• 06-21-2006, 11:39 AM

  dotcarlisle Joined on 06-21-2006, 3:37 PM Posts 2	Change Logon Account for WWW Publishing Service Reply Contact I'm trying to change the Logon account to a user that has administrative rights but am getting an access denied error.  What am I doing wrong? Thank you! Jon StrollAway StrollAway.com jon@strollaway.com

• 06-21-2006, 1:38 PM

  In reply to

  tomkmvp Joined on 03-20-2003, 10:27 AM Central NJ Posts 6,163	Re: Change Logon Account for WWW Publishing Service Reply Contact Why do you need to do this?  There's probably a safer solution to solve your problem ... Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/

• 06-21-2006, 2:01 PM

  In reply to

  dotcarlisle Joined on 06-21-2006, 3:37 PM Posts 2

  Re: Change Logon Account for WWW Publishing Service Reply Contact The Problem was that the web server was being identified as the USER for database access and I did not want to grant access to the server for security reasons. I solved the problem by changing the identity of the Application Pool in IIS 6.0 to a user with administrative rights.  I also had to add this same user to the IIS_WPG Group. Jon StrollAway StrollAway.com jon@strollaway.com

• 06-21-2006, 2:44 PM

  In reply to

  jeff@zina.com Joined on 09-26-2003, 6:43 AM Naples, FL, USA Posts 2,090	Re: Change Logon Account for WWW Publishing Service Reply Contact There are more secure ways to do this as well, you don't need admin rights for this. Jeff Look for Wrox's new book Professional IIS 7 in your local bookstore, or order now at Amazon.com

• 06-22-2006, 11:15 AM

  In reply to

  tomkmvp Joined on 03-20-2003, 10:27 AM Central NJ Posts 6,163	Re: Change Logon Account for WWW Publishing Service Reply Contact Yes, that user does not need to be an admin. Tom Kaminski IIS MVP http://mvp.support.microsoft.com/ http://blogs.iis.net/tomkmvp/ http://www.linkedin.com/pub/8/690/408 http://www.bluesrepublic.org/

• 06-22-2006, 12:28 PM

  In reply to

  mvolo Joined on 09-17-2003, 1:48 PM Philadelphia, PA Posts 584

  Re: Change Logon Account for WWW Publishing Service Reply Contact There are many ways to solve this problem without elevating the privilege of the entire application pool - this way, if your application is compromised, it has less potential for damaging your entire machine and other machines on the network. How are you connecting to the database - do you use ASP, ASP.NET, etc? You should consider using an encrypted connection string with a sql authentication username/password instead of using windows authentication.  If you want to use windows authentication to connect, you can create a special account that does not have administrative rights on the machine and is not interactive, and allow that account access to the SQL Server instead of using an administrative account.  You also have options for making a specific application impersonate that account instead of running the entire application pool in it. You should NEVER run your application pool under an administrative user, and you should also avoid using an administrative user to connect to SQL server. This posting is provided "AS IS" with no warranties, and confers no rights.