IWAM account and Act as part of the operating system right

F

Frank1213

I have used the code sample from the KB article
http://support.microsoft.com/default.aspx/kb/248187
to impersonate a user from an ASP page and change the security context. The
impersonation works fine on Windows 2003 and XP but fails on Windows 2000.
The only way I can get impersonation to work is by enabling "Act as part of
the operating system" privileges for the IWAM_<computername> account as
mentioned in the KB article.
My question,
1. How big of a security risk is this when I deploy my application?
2. Is this an accepted security workaround?

Thanks in advance.
 
F

Frank1213

I would appreciate if anyone has any thoughts on this one. Basically, what is
the security risk if I grant the IWAM_<computername> user account the Act as
part of the operating system right?
Thanks.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Why is "Act as part of the operating system" dangerous? 2
RE: SE_TCB_NAME (Act as part of the operating system) privilege 4
Using LogonUser API in ASP.net with an account other than ASPNet account 3
Service Account replaced by IUSR ?? 5
Could not find a part of the path 3
Problem running ASP.NET 2.0 on Win2K domain controller 16
Impersonation headaches with ASP.NET 2.0 -- help! 2
U.S. warns on Java software as security concerns escalate 24

Members online

Total: 23 (members: 3, guests: 20)
Robots: 384

Forum statistics

Threads
473,755
Messages
2,569,536
Members
45,020
Latest member
GenesisGai

Latest Threads

Top