Domain controller GPO does not deny logon locally right to IWAM_machinename when running aspnet.wp.e

Discussion in 'ASP .Net' started by \Rob\, May 9, 2004.

  1. \Rob\

    \Rob\ Guest

    On a domain controller, the ASPNET (v1.1) worker process (aspnet.wp.exe)
    runs under the IWAM_machinename acount (IIS 5). I have expressly denied this
    user the logon locally right in the domain controller GPO and yet this
    profile gets created under the Document and Settings folder. The
    IWAM_machinename registry hive remains loaded when the process ends. I have
    to manually unload it with regedt32.exe. Is this normal behavior?
    \Rob\, May 9, 2004
    #1
    1. Advertising

  2. Denying log on locally doesn't prevent a service logon, which is what's
    happening in this case. If you don't want the user to logon in any scenario,
    you'll need to deny service, batch, and network logon rights too.

    --
    --
    Brian Desmond
    Windows Server MVP
    12.il.us

    Http://www.briandesmond.com


    ""Rob"" <@> wrote in message news:...
    > On a domain controller, the ASPNET (v1.1) worker process (aspnet.wp.exe)
    > runs under the IWAM_machinename acount (IIS 5). I have expressly denied

    this
    > user the logon locally right in the domain controller GPO and yet this
    > profile gets created under the Document and Settings folder. The
    > IWAM_machinename registry hive remains loaded when the process ends. I

    have
    > to manually unload it with regedt32.exe. Is this normal behavior?
    >
    >
    Brian Desmond [MVP], May 10, 2004
    #2
    1. Advertising

  3. \Rob\

    \Rob\ Guest

    Ok, so why does IWAM_machinename registry hive remain loaded when the
    aspnet_wp.exe process ends? I have to manually unload it with regedt32.exe.
    Is this normal behavior?

    Thanks for the tip Brian
    --

    "Brian Desmond [MVP]" <12.il.us> wrote in message
    news:%...
    > Denying log on locally doesn't prevent a service logon, which is what's
    > happening in this case. If you don't want the user to logon in any

    scenario,
    > you'll need to deny service, batch, and network logon rights too.
    >
    > --
    > --
    > Brian Desmond
    > Windows Server MVP
    > 12.il.us
    >
    > Http://www.briandesmond.com
    >
    >
    > ""Rob"" <@> wrote in message news:...
    > > On a domain controller, the ASPNET (v1.1) worker process (aspnet.wp.exe)
    > > runs under the IWAM_machinename acount (IIS 5). I have expressly denied

    > this
    > > user the logon locally right in the domain controller GPO and yet this
    > > profile gets created under the Document and Settings folder. The
    > > IWAM_machinename registry hive remains loaded when the process ends. I

    > have
    > > to manually unload it with regedt32.exe. Is this normal behavior?
    > >
    > >

    >
    >
    \Rob\, May 10, 2004
    #3
  4. IWAM_MachineName is an IIS account, not an ASPNet account. IWAM should
    unload when the IISAdmin service shutsdown.

    --
    --
    Brian Desmond
    Windows Server MVP
    12.il.us

    Http://www.briandesmond.com


    ""Rob"" <@> wrote in message news:...
    > Ok, so why does IWAM_machinename registry hive remain loaded when the
    > aspnet_wp.exe process ends? I have to manually unload it with

    regedt32.exe.
    > Is this normal behavior?
    >
    > Thanks for the tip Brian
    > --
    >
    > "Brian Desmond [MVP]" <12.il.us> wrote in message
    > news:%...
    > > Denying log on locally doesn't prevent a service logon, which is what's
    > > happening in this case. If you don't want the user to logon in any

    > scenario,
    > > you'll need to deny service, batch, and network logon rights too.
    > >
    > > --
    > > --
    > > Brian Desmond
    > > Windows Server MVP
    > > 12.il.us
    > >
    > > Http://www.briandesmond.com
    > >
    > >
    > > ""Rob"" <@> wrote in message

    news:...
    > > > On a domain controller, the ASPNET (v1.1) worker process

    (aspnet.wp.exe)
    > > > runs under the IWAM_machinename acount (IIS 5). I have expressly

    denied
    > > this
    > > > user the logon locally right in the domain controller GPO and yet this
    > > > profile gets created under the Document and Settings folder. The
    > > > IWAM_machinename registry hive remains loaded when the process ends. I

    > > have
    > > > to manually unload it with regedt32.exe. Is this normal behavior?
    > > >
    > > >

    > >
    > >

    >
    >
    Brian Desmond [MVP], May 12, 2004
    #4
  5. \Rob\

    \Rob\ Guest

    It doesn't

    --

    "Brian Desmond [MVP]" <12.il.us> wrote in message
    news:...
    > IWAM_MachineName is an IIS account, not an ASPNet account. IWAM should
    > unload when the IISAdmin service shutsdown.
    >
    > --
    > --
    > Brian Desmond
    > Windows Server MVP
    > 12.il.us
    >
    > Http://www.briandesmond.com
    >
    >
    > ""Rob"" <@> wrote in message news:...
    > > Ok, so why does IWAM_machinename registry hive remain loaded when the
    > > aspnet_wp.exe process ends? I have to manually unload it with

    > regedt32.exe.
    > > Is this normal behavior?
    > >
    > > Thanks for the tip Brian
    > > --
    > >
    > > "Brian Desmond [MVP]" <12.il.us> wrote in message
    > > news:%...
    > > > Denying log on locally doesn't prevent a service logon, which is

    what's
    > > > happening in this case. If you don't want the user to logon in any

    > > scenario,
    > > > you'll need to deny service, batch, and network logon rights too.
    > > >
    > > > --
    > > > --
    > > > Brian Desmond
    > > > Windows Server MVP
    > > > 12.il.us
    > > >
    > > > Http://www.briandesmond.com
    > > >
    > > >
    > > > ""Rob"" <@> wrote in message

    > news:...
    > > > > On a domain controller, the ASPNET (v1.1) worker process

    > (aspnet.wp.exe)
    > > > > runs under the IWAM_machinename acount (IIS 5). I have expressly

    > denied
    > > > this
    > > > > user the logon locally right in the domain controller GPO and yet

    this
    > > > > profile gets created under the Document and Settings folder. The
    > > > > IWAM_machinename registry hive remains loaded when the process ends.

    I
    > > > have
    > > > > to manually unload it with regedt32.exe. Is this normal behavior?
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
    \Rob\, May 12, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Paul Fox
    Replies:
    0
    Views:
    744
    Paul Fox
    Mar 5, 2004
  2. Stefano
    Replies:
    2
    Views:
    357
    Stefano
    Nov 23, 2003
  3. Stephen Ferg
    Replies:
    6
    Views:
    343
    Heather Coppersmith
    May 11, 2004
  4. Jeff
    Replies:
    2
    Views:
    942
    clintonG
    Sep 19, 2006
  5. Bill Kellaway
    Replies:
    4
    Views:
    173
    Joe Kaplan \(MVP - ADSI\)
    Jan 20, 2004
Loading...

Share This Page