«

On a domain controller, the ASPNET (v1.1) worker process (aspnet.wp.exe)
runs under the IWAM_machinename acount (IIS 5). I have expressly denied this
user the logon locally right in the domain controller GPO and yet this
profile gets created under the Document and Settings folder. The
IWAM_machinename registry hive remains loaded when the process ends. I have
to manually unload it with regedt32.exe. Is this normal behavior?

Denying log on locally doesn't prevent a service logon, which is what's
happening in this case. If you don't want the user to logon in any scenario,
you'll need to deny service, batch, and network logon rights too.

--
--
Brian Desmond
Windows Server MVP


Http://www.briandesmond.com


""Rob"" <@> wrote in message news:...
> On a domain controller, the ASPNET (v1.1) worker process (aspnet.wp.exe)
> runs under the IWAM_machinename acount (IIS 5). I have expressly denied
this
> user the logon locally right in the domain controller GPO and yet this
> profile gets created under the Document and Settings folder. The
> IWAM_machinename registry hive remains loaded when the process ends. I
have
> to manually unload it with regedt32.exe. Is this normal behavior?
>
>

Ok, so why does IWAM_machinename registry hive remain loaded when the
aspnet_wp.exe process ends? I have to manually unload it with regedt32.exe.
Is this normal behavior?

Thanks for the tip Brian
--

"Brian Desmond [MVP]" <> wrote in message
news:%...
> Denying log on locally doesn't prevent a service logon, which is what's
> happening in this case. If you don't want the user to logon in any
scenario,
> you'll need to deny service, batch, and network logon rights too.
>
> --
> --
> Brian Desmond
> Windows Server MVP
>
>
> Http://www.briandesmond.com
>
>
> ""Rob"" <@> wrote in message news:...
> > On a domain controller, the ASPNET (v1.1) worker process (aspnet.wp.exe)
> > runs under the IWAM_machinename acount (IIS 5). I have expressly denied
> this
> > user the logon locally right in the domain controller GPO and yet this
> > profile gets created under the Document and Settings folder. The
> > IWAM_machinename registry hive remains loaded when the process ends. I
> have
> > to manually unload it with regedt32.exe. Is this normal behavior?
> >
> >
>
>

IWAM_MachineName is an IIS account, not an ASPNet account. IWAM should
unload when the IISAdmin service shutsdown.

--
--
Brian Desmond
Windows Server MVP


Http://www.briandesmond.com


""Rob"" <@> wrote in message news:...
> Ok, so why does IWAM_machinename registry hive remain loaded when the
> aspnet_wp.exe process ends? I have to manually unload it with
regedt32.exe.
> Is this normal behavior?
>
> Thanks for the tip Brian
> --
>
> "Brian Desmond [MVP]" <> wrote in message
> news:%...
> > Denying log on locally doesn't prevent a service logon, which is what's
> > happening in this case. If you don't want the user to logon in any
> scenario,
> > you'll need to deny service, batch, and network logon rights too.
> >
> > --
> > --
> > Brian Desmond
> > Windows Server MVP
> >
> >
> > Http://www.briandesmond.com
> >
> >
> > ""Rob"" <@> wrote in message
news:...
> > > On a domain controller, the ASPNET (v1.1) worker process
(aspnet.wp.exe)
> > > runs under the IWAM_machinename acount (IIS 5). I have expressly
denied
> > this
> > > user the logon locally right in the domain controller GPO and yet this
> > > profile gets created under the Document and Settings folder. The
> > > IWAM_machinename registry hive remains loaded when the process ends. I
> > have
> > > to manually unload it with regedt32.exe. Is this normal behavior?
> > >
> > >
> >
> >
>
>

It doesn't

--

"Brian Desmond [MVP]" <> wrote in message
news:...
> IWAM_MachineName is an IIS account, not an ASPNet account. IWAM should
> unload when the IISAdmin service shutsdown.
>
> --
> --
> Brian Desmond
> Windows Server MVP
>
>
> Http://www.briandesmond.com
>
>
> ""Rob"" <@> wrote in message news:...
> > Ok, so why does IWAM_machinename registry hive remain loaded when the
> > aspnet_wp.exe process ends? I have to manually unload it with
> regedt32.exe.
> > Is this normal behavior?
> >
> > Thanks for the tip Brian
> > --
> >
> > "Brian Desmond [MVP]" <> wrote in message
> > news:%...
> > > Denying log on locally doesn't prevent a service logon, which is
what's
> > > happening in this case. If you don't want the user to logon in any
> > scenario,
> > > you'll need to deny service, batch, and network logon rights too.
> > >
> > > --
> > > --
> > > Brian Desmond
> > > Windows Server MVP
> > >
> > >
> > > Http://www.briandesmond.com
> > >
> > >
> > > ""Rob"" <@> wrote in message
> news:...
> > > > On a domain controller, the ASPNET (v1.1) worker process
> (aspnet.wp.exe)
> > > > runs under the IWAM_machinename acount (IIS 5). I have expressly
> denied
> > > this
> > > > user the logon locally right in the domain controller GPO and yet
this
> > > > profile gets created under the Document and Settings folder. The
> > > > IWAM_machinename registry hive remains loaded when the process ends.
I
> > > have
> > > > to manually unload it with regedt32.exe. Is this normal behavior?
> > > >
> > > >
> > >
> > >
> >
> >
>
>