Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Set username to "system" in machine.config, but ASP.NET running as NETWORK SERVICE

Reply
Thread Tools

Set username to "system" in machine.config, but ASP.NET running as NETWORK SERVICE

 
 
wizofaus@hotmail.com
Guest
Posts: n/a
 
      12-30-2006
I've now created the same setup on four different machines, where I'm
changing the processModel section machine.config so that ASP.NET (1.1)
runs as SYSTEM, to give it permission to do various things like access
the Task Scheduler etc.
Three of the machines are using IIS 5.1 and work fine. The 4th machine
is using IIS 6.0, and also has ASP.NET 2.0 installed (but I've made
sure that the IIS application in question is using ASP.NET 1.1). But
on this machine, the machine.config setting seems be to getting
ignored, and the process is running as "NETWORK SERVICE", which does
*not* have permission to access the Task Scheduler (at least, by
default - presumably I could grant it this access).
Any clues why this setting would not work under IIS 6.0? I've tried
rerunning aspnet_regiis, restarting the web server any number of times,
but to no avail.

Thanks.

 
Reply With Quote
 
 
 
 
wizofaus@hotmail.com
Guest
Posts: n/a
 
      12-30-2006

http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:
> I've now created the same setup on four different machines, where I'm
> changing the processModel section machine.config so that ASP.NET (1.1)
> runs as SYSTEM, to give it permission to do various things like access
> the Task Scheduler etc.
> Three of the machines are using IIS 5.1 and work fine. The 4th machine
> is using IIS 6.0, and also has ASP.NET 2.0 installed (but I've made
> sure that the IIS application in question is using ASP.NET 1.1). But
> on this machine, the machine.config setting seems be to getting
> ignored, and the process is running as "NETWORK SERVICE", which does
> *not* have permission to access the Task Scheduler (at least, by
> default - presumably I could grant it this access).
> Any clues why this setting would not work under IIS 6.0? I've tried
> rerunning aspnet_regiis, restarting the web server any number of times,
> but to no avail.
>

Never mind, found the problem - under IIS 6.0 it appears you have to
configure the application pool identity instead. I assume then the
processModel section in machine.config is not used under IIS 6.0.

Writing an install that can do all this automatically is going to be
fun.

 
Reply With Quote
 
 
 
 
Yinon Ehrlich
Guest
Posts: n/a
 
      01-02-2007
(E-Mail Removed) wrote:
> (E-Mail Removed) wrote:
>> I've now created the same setup on four different machines, where I'm
>> changing the processModel section machine.config so that ASP.NET (1.1)
>> runs as SYSTEM, to give it permission to do various things like access
>> the Task Scheduler etc.
>> Three of the machines are using IIS 5.1 and work fine. The 4th machine
>> is using IIS 6.0, and also has ASP.NET 2.0 installed (but I've made
>> sure that the IIS application in question is using ASP.NET 1.1). But
>> on this machine, the machine.config setting seems be to getting
>> ignored, and the process is running as "NETWORK SERVICE", which does
>> *not* have permission to access the Task Scheduler (at least, by
>> default - presumably I could grant it this access).
>> Any clues why this setting would not work under IIS 6.0? I've tried
>> rerunning aspnet_regiis, restarting the web server any number of times,
>> but to no avail.
>>

> Never mind, found the problem - under IIS 6.0 it appears you have to
> configure the application pool identity instead. I assume then the
> processModel section in machine.config is not used under IIS 6.0.
>
> Writing an install that can do all this automatically is going to be
> fun.
>



Hi,

Instead of doing these tweaks on installation, you can use impersonation
- even per application - by add the following line in your application's
web.config:
<identity impersonate = "true" userName="SYSTEM"/>
 
Reply With Quote
 
wizofaus@hotmail.com
Guest
Posts: n/a
 
      01-02-2007

Yinon Ehrlich wrote:
> (E-Mail Removed) wrote:
> > (E-Mail Removed) wrote:
> >> I've now created the same setup on four different machines, where I'm
> >> changing the processModel section machine.config so that ASP.NET (1.1)
> >> runs as SYSTEM, to give it permission to do various things like access
> >> the Task Scheduler etc.
> >> Three of the machines are using IIS 5.1 and work fine. The 4th machine
> >> is using IIS 6.0, and also has ASP.NET 2.0 installed (but I've made
> >> sure that the IIS application in question is using ASP.NET 1.1). But
> >> on this machine, the machine.config setting seems be to getting
> >> ignored, and the process is running as "NETWORK SERVICE", which does
> >> *not* have permission to access the Task Scheduler (at least, by
> >> default - presumably I could grant it this access).
> >> Any clues why this setting would not work under IIS 6.0? I've tried
> >> rerunning aspnet_regiis, restarting the web server any number of times,
> >> but to no avail.
> >>

> > Never mind, found the problem - under IIS 6.0 it appears you have to
> > configure the application pool identity instead. I assume then the
> > processModel section in machine.config is not used under IIS 6.0.
> >
> > Writing an install that can do all this automatically is going to be
> > fun.
> >

>
>
> Hi,
>
> Instead of doing these tweaks on installation, you can use impersonation
> - even per application - by add the following line in your application's
> web.config:
> <identity impersonate = "true" userName="SYSTEM"/>


Are you sure? That seems like a security loophole - if a
non-Administrator had write access to a directory containing an ASP.NET
application, they could easily change it to run as LocalSystem, which
typically has full access to everything. Certainly our intention is to
allow support staff write access to the directories where ASP.NET apps
sit, as the web.config file has some settings they may need to adjust -
but we certainly wouldn't want to allow them to change the process
identity (in future versions I hope not to require running as Local
System, but for now it's the least problematic).

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
loginview control displays network username instead of (web) username Shailesh Patel ASP .Net Web Controls 0 11-08-2006 08:19 PM
Use IsInRole method with Domain and Username, but without password Steve Kallal ASP .Net Security 9 06-09-2005 05:28 PM
Change the username found in "C:\Documents and Settings\Username" The Reluctant Robot Named Jude Computer Support 1 05-05-2004 07:11 AM
python service running on Win Xp, but failing on Win NT Workstation :( Ringwraith Python 4 01-27-2004 07:07 PM
I'm trying to network a deasktop running 98SE and a laptop running XP. Marc Computer Support 8 11-19-2003 03:01 AM



Advertisments