Identity of asp_wp.exe

Discussion in 'ASP .Net' started by Przemo Karlikowski, May 1, 2007.

  1. Hello!

    How can I change the identity of asp_wp.exe (Asp.Net 2.0) process on Windows
    2000 Server from ASPNET to LocalSystem?
    I want to do it to bypass SeTcbPrivelege privelege problem.

    Unfortunately, the method of changing asp_wp.exe identity described on
    http://msdn2.microsoft.com/en-us/library/dwc1xthy(vs.80).aspx does not work.

    Thank you in advance.
     
    Przemo Karlikowski, May 1, 2007
    #1
    1. Advertising

  2. re:
    !> Unfortunately, the method of changing asp_wp.exe identity described on
    !> http://msdn2.microsoft.com/en-us/library/dwc1xthy(vs.80).aspx does not work.

    Yes, it does work. I've helped many people set up accounts using those instructions.
    You can safely ignore the Application Pool instructions, since W2K doesn't use them.

    re:
    > How can I change the identity of asp_wp.exe (Asp.Net 2.0) process on Windows 2000 Server from
    > ASPNET to LocalSystem?


    Are you sure you don't mean the SYSTEM account ?

    Besides impersonating the user, per the article :

    <system.web>
    <processModel enable="true"
    userName="System" />
    </system.web>

    The "System" account doesn't need a password.

    Also, that only works in machine.config, not in web.config.

    I'd avoid impersonating the ASP.NET process account in machine.config.

    You should do it, for a particular application, in web.config :
    <identity impersonate="true" userName="accountname" password="password" />

    See:
    http://support.microsoft.com/default.aspx/kb/306158

    Additionally, run
    aspnet_regiis -ga "MachineName\Account"

    Additionally, make sure the following ACLs are set :
    http://msdn2.microsoft.com/en-us/library/kwzs111e(VS.80).aspx

    Also, you don't have to run ASP.NET as the SYSTEM account. In fact, you should *avoid* it.
    You can run ASP.NET as *any* account you want to, provided you assign the correct permissions.

    If you want to go that way ( and you should ), follow the instructions at :
    http://msdn2.microsoft.com/en-us/library/ms998297.aspx

    ....*and* run the steps detailed above.




    Juan T. Llibre, asp.net MVP
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en español : http://asp.net.do/foros/
    ===================================
    "Przemo Karlikowski" <> wrote in message
    news:...
    > Hello!
    >
    > How can I change the identity of asp_wp.exe (Asp.Net 2.0) process on Windows 2000 Server from
    > ASPNET to LocalSystem?
    > I want to do it to bypass SeTcbPrivelege privelege problem.
    >
    > Unfortunately, the method of changing asp_wp.exe identity described on
    > http://msdn2.microsoft.com/en-us/library/dwc1xthy(vs.80).aspx does not work.
    >
    > Thank you in advance.
    >
     
    Juan T. Llibre, May 1, 2007
    #2
    1. Advertising

  3. I already had it in my machine.config:

    <system.web>
    <processModel enable="true" userName="System" />
    </system.web>

    I also ran
    aspnet_regiis -ga SYSTEM

    But instead of killing aspnet_wp.exe I should have restarted whole IIS and
    that was the issue.
    Now it works.

    I'm writing Asp.Net application that manages Windows accounts, and for
    several reasons it needs to run on System account.
    At least on Windows 2000.


    "Juan T. Llibre" <> wrote in message
    news:%...
    > re:
    > !> Unfortunately, the method of changing asp_wp.exe identity described on
    > !> http://msdn2.microsoft.com/en-us/library/dwc1xthy(vs.80).aspx does not
    > work.
    >
    > Yes, it does work. I've helped many people set up accounts using those
    > instructions.
    > You can safely ignore the Application Pool instructions, since W2K doesn't
    > use them.
    >
    > re:
    >> How can I change the identity of asp_wp.exe (Asp.Net 2.0) process on
    >> Windows 2000 Server from ASPNET to LocalSystem?

    >
    > Are you sure you don't mean the SYSTEM account ?
    >
    > Besides impersonating the user, per the article :
    >
    > <system.web>
    > <processModel enable="true"
    > userName="System" />
    > </system.web>
    >
    > The "System" account doesn't need a password.
    >
    > Also, that only works in machine.config, not in web.config.
    >
    > I'd avoid impersonating the ASP.NET process account in machine.config.
    >
    > You should do it, for a particular application, in web.config :
    > <identity impersonate="true" userName="accountname" password="password" />
    >
    > See:
    > http://support.microsoft.com/default.aspx/kb/306158
    >
    > Additionally, run
    > aspnet_regiis -ga "MachineName\Account"
    >
    > Additionally, make sure the following ACLs are set :
    > http://msdn2.microsoft.com/en-us/library/kwzs111e(VS.80).aspx
    >
    > Also, you don't have to run ASP.NET as the SYSTEM account. In fact, you
    > should *avoid* it.
    > You can run ASP.NET as *any* account you want to, provided you assign the
    > correct permissions.
    >
    > If you want to go that way ( and you should ), follow the instructions at
    > :
    > http://msdn2.microsoft.com/en-us/library/ms998297.aspx
    >
    > ...*and* run the steps detailed above.
    >
    >
    >
    >
    > Juan T. Llibre, asp.net MVP
    > asp.net faq : http://asp.net.do/faq/
    > foros de asp.net, en español : http://asp.net.do/foros/
    > ===================================
     
    Przemo Karlikowski, May 1, 2007
    #3
  4. re:
    > Now it works.


    Good news.

    re:
    !>I already had it in my machine.config:
    !> I'm writing Asp.Net application that manages Windows accounts, and for
    !> several reasons it needs to run on System account.

    As long as you understand that, by putting that in machine.config,
    *all* the applications which run on that server will run as the System account.




    Juan T. Llibre, asp.net MVP
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en español : http://asp.net.do/foros/
    ===================================
    "Przemo Karlikowski" <> wrote in message
    news:%...
    >I already had it in my machine.config:
    >
    > <system.web>
    > <processModel enable="true" userName="System" />
    > </system.web>
    >
    > I also ran
    > aspnet_regiis -ga SYSTEM
    >
    > But instead of killing aspnet_wp.exe I should have restarted whole IIS and that was the issue.
    > Now it works.
    >
    > I'm writing Asp.Net application that manages Windows accounts, and for several reasons it needs to
    > run on System account.
    > At least on Windows 2000.



    > "Juan T. Llibre" <> wrote in message
    > news:%...
    >> re:
    >> !> Unfortunately, the method of changing asp_wp.exe identity described on
    >> !> http://msdn2.microsoft.com/en-us/library/dwc1xthy(vs.80).aspx does not work.
    >>
    >> Yes, it does work. I've helped many people set up accounts using those instructions.
    >> You can safely ignore the Application Pool instructions, since W2K doesn't use them.
    >>
    >> re:
    >>> How can I change the identity of asp_wp.exe (Asp.Net 2.0) process on Windows 2000 Server from
    >>> ASPNET to LocalSystem?

    >>
    >> Are you sure you don't mean the SYSTEM account ?
    >>
    >> Besides impersonating the user, per the article :
    >>
    >> <system.web>
    >> <processModel enable="true"
    >> userName="System" />
    >> </system.web>
    >>
    >> The "System" account doesn't need a password.
    >>
    >> Also, that only works in machine.config, not in web.config.
    >>
    >> I'd avoid impersonating the ASP.NET process account in machine.config.
    >>
    >> You should do it, for a particular application, in web.config :
    >> <identity impersonate="true" userName="accountname" password="password" />
    >>
    >> See:
    >> http://support.microsoft.com/default.aspx/kb/306158
    >>
    >> Additionally, run
    >> aspnet_regiis -ga "MachineName\Account"
    >>
    >> Additionally, make sure the following ACLs are set :
    >> http://msdn2.microsoft.com/en-us/library/kwzs111e(VS.80).aspx
    >>
    >> Also, you don't have to run ASP.NET as the SYSTEM account. In fact, you should *avoid* it.


    >> You can run ASP.NET as *any* account you want to, provided you assign the correct permissions.
    >>
    >> If you want to go that way ( and you should ), follow the instructions at :
    >> http://msdn2.microsoft.com/en-us/library/ms998297.aspx
    >>
    >> ...*and* run the steps detailed above.
    >>
    >>
    >>
    >>
    >> Juan T. Llibre, asp.net MVP
    >> asp.net faq : http://asp.net.do/faq/
    >> foros de asp.net, en español : http://asp.net.do/foros/
    >> ===================================

    >
    >
     
    Juan T. Llibre, May 1, 2007
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Donna

    Kill asp_wp process

    Donna, Dec 8, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    606
    Alvin Bruney
    Dec 10, 2003
  2. GregO
    Replies:
    0
    Views:
    423
    GregO
    Jul 20, 2004
  3. Rich Denis

    Strange 100% CPU issue with asp_wp

    Rich Denis, Aug 5, 2004, in forum: ASP .Net
    Replies:
    4
    Views:
    1,009
    Rich Denis
    Aug 11, 2004
  4. Paul King

    ASP_WP driving me mad...

    Paul King, Sep 24, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    488
    Paul King
    Sep 24, 2004
  5. prem
    Replies:
    1
    Views:
    1,634
    Shankara Narayanan
    Nov 3, 2004
Loading...

Share This Page