IWAM account and Act as part of the operating system right

Discussion in 'ASP .Net Security' started by Frank1213, Nov 22, 2006.

  1. Frank1213

    Frank1213 Guest

    I have used the code sample from the KB article
    http://support.microsoft.com/default.aspx/kb/248187
    to impersonate a user from an ASP page and change the security context. The
    impersonation works fine on Windows 2003 and XP but fails on Windows 2000.
    The only way I can get impersonation to work is by enabling "Act as part of
    the operating system" privileges for the IWAM_<computername> account as
    mentioned in the KB article.
    My question,
    1. How big of a security risk is this when I deploy my application?
    2. Is this an accepted security workaround?

    Thanks in advance.
    Frank1213, Nov 22, 2006
    #1
    1. Advertising

  2. Frank1213

    Frank1213 Guest

    I would appreciate if anyone has any thoughts on this one. Basically, what is
    the security risk if I grant the IWAM_<computername> user account the Act as
    part of the operating system right?
    Thanks.

    "Frank1213" wrote:

    > I have used the code sample from the KB article
    > http://support.microsoft.com/default.aspx/kb/248187
    > to impersonate a user from an ASP page and change the security context. The
    > impersonation works fine on Windows 2003 and XP but fails on Windows 2000.
    > The only way I can get impersonation to work is by enabling "Act as part of
    > the operating system" privileges for the IWAM_<computername> account as
    > mentioned in the KB article.
    > My question,
    > 1. How big of a security risk is this when I deploy my application?
    > 2. Is this an accepted security workaround?
    >
    > Thanks in advance.
    Frank1213, Nov 28, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Steven Cheng[MSFT]
    Replies:
    4
    Views:
    4,301
    Steven Cheng[MSFT]
    May 13, 2004
  2. =?Utf-8?B?RnJhbmsxMjEz?=

    IWAM account on Windows 2000

    =?Utf-8?B?RnJhbmsxMjEz?=, Dec 1, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    485
    =?Utf-8?B?RnJhbmsxMjEz?=
    Dec 1, 2006
  3. Arturo
    Replies:
    2
    Views:
    232
    Arturo
    Apr 14, 2004
  4. ScottLR
    Replies:
    12
    Views:
    470
    Steven Cheng[MSFT]
    Sep 23, 2005
  5. Helena Cai
    Replies:
    0
    Views:
    378
    Helena Cai
    Aug 29, 2004
Loading...

Share This Page