IIS anonymous user is a domain user

 
 
Henry Splatt
09-04-2003
What are the security ramifications of having an IIS 5.0 box, where the
anonymous user is a domain user as opposed to the normal IUSR_Machine
account?

How would this be amplified, if at all, by having the default Everyone group
with full control on the file system? The box is behind a good firewall.

Thanks for your time,

Henry


 
Mike
09-05-2003
I will take a quick stab at this but by running your website as a domain
user it is basically giving permission to your web server to access anything
that the Everyone group on your entire DOMAIN can access. That means that
if someone manages to take advantage of one of the many IIS vulnerabilities
they very well may have access to information all over your network instead
of just the one machine.

Mike

"Henry Splatt" <> wrote in message
news:AsG5b.3628780$...
> What are the security ramifications of having an IIS 5.0 box, where the
> anonymous user is a domain user as opposed to the normal IUSR_Machine
> account?
>
> How would this be amplified, if at all, by having the default Everyone group
> with full control on the file system? The box is behind a good firewall.
>
> Thanks for your time,
>
> Henry
>
>



 
Leythos
09-05-2003
In article <YnS5b.163374$_V.118026@news04.bloor.is.net.cable.rogers.com>, says...
> I will take a quick stab at this but by running your website as a domain
> user it is basically giving permission to your web server to access anything
> that the Everyone group on your entire DOMAIN can access. That means that
> if someone manages to take advantage of one of the many IIS vulnerabilities
> they very well may have access to information all over your network instead
> of just the one machine.


That's why you learn how to lock your IIS server down - there are many
easy ways to secure IIS so that if someone does compromise it they
won't be able to run CMD.COM and other things necessary to do damage.

Please follow NORMAL/STANDARD usenet etiquette and BOTTOM post.

Mark


--
--

(Remove 999 to reply to me)
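
The following Python audit is an added example, not part of the original thread. It parses `cacls`-style ACL listings and reports which Everyone grants the IIS anonymous identity reaches when it is a local account versus a domain account, as discussed in Mike's reply. Host names, account names, paths and ACLs are constructed, and the model ignores share-level permissions.

```python
import re

# One ACE as cacls prints it: trustee, optional inheritance flags, one right letter.
ACE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([A-Z]+\))*)(?P<right>[FCRWN])$")
RIGHTS = {"F": "full control", "C": "change", "R": "read", "W": "write", "N": "none"}

def parse_cacls(path, output):
    """Parse the text printed for `cacls <path>` into (trustee, right) pairs."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.startswith(path):          # only the first line carries the path
            line = line[len(path):].strip()
        m = ACE.match(line)
        if m:
            aces.append((m["who"].strip(), m["right"]))
    return aces

def is_domain_account(account, machine):
    """PREFIX\\user is a domain account unless PREFIX is the machine itself."""
    prefix, sep, _ = account.rpartition("\\")
    return bool(sep) and prefix.upper() != machine.upper()

def exposure(anon_account, web_host, acl_dumps):
    """List (host, path, right) entries the anonymous identity reaches via Everyone."""
    domain = is_domain_account(anon_account, web_host)
    hits = []
    for host, path, output in acl_dumps:
        # Assumption: a local account carries no identity to other machines.
        if host.upper() != web_host.upper() and not domain:
            continue
        for who, right in parse_cacls(path, output):
            if who.upper() == "EVERYONE" and right != "N":
                hits.append((host, path, RIGHTS[right]))
    return hits

# Constructed sample data: hosts, paths and ACLs are illustrative only.
DUMPS = [
    ("WEB01", r"C:\Inetpub\wwwroot",
     "C:\\Inetpub\\wwwroot Everyone:(OI)(CI)F\n"
     "                   BUILTIN\\Administrators:(OI)(CI)F\n"),
    ("FILE01", r"D:\Shared\Finance",
     "D:\\Shared\\Finance Everyone:(OI)(CI)F\n"
     "                  CORP\\Finance:(OI)(CI)C\n"),
]

if __name__ == "__main__":
    for acct in (r"WEB01\IUSR_WEB01", r"CORP\websvc"):
        print(acct, exposure(acct, "WEB01", DUMPS))
```

With the local IUSR account only the web server's own Everyone grant is reported; with the domain account the file server's grant appears as well.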
 