Previous Next

• 04-18-2007, 6:05 PM

  subterfuge Joined on 04-18-2007, 10:02 PM Posts 1 subterfuge

  IUSR account - Administrator rights? Reply Contact We had a .NET (1.1) application installed on a webserver by a third party on a Windows Server 2003 SP2 server.  What I've discovered is that in order to get their application to work properly, instead of tracking down all the permissions errors for their application, they made the ASPNET and IUSR account part of the local administrators group on the webserver. Is this ok?  Everything about this screams security risk, but I need some hard evidence that this is completely and totally wrong..   Thanks

  Tags: IIS 6.0administratorASPNETIUSR

• 04-19-2007, 2:12 AM

  In reply to

  thomad Joined on 08-20-2002, 3:28 PM Redmond Posts 387 thomad	Re: IUSR account - Administrator rights? Reply Contact Subterfuge,  You are absolutely right. This is a big security risk. They should try to figure out what permissions they need instead of making IUSR and ASPNET an administrator. Hope this helps Thomas Deml Senior Program Manager Internet Information Services Microsoft Corp.

• 04-19-2007, 3:06 AM

  In reply to

  qbernard Joined on 03-25-2003, 10:12 PM Malaysia Posts 2,218 qbernard	Re: IUSR account - Administrator rights? Reply Contact Get filemon/procmon to trace the access related issue. Cheers, Bernard Cheah