SBS 2000 + ASP.NET 1.1 + IIS Lockdown not working.

D

Douglas J. Badin

When I apply IIS Lockdown to SBS 2000 + ASP.NET 1.1 I run into NTFS
persmission issues with the IWAM_computername user account, i.e. csc.exe.

I tried using the Dynamic Web template and the SBS template with IIS
lockdown but both had the same issues. I

Is there an existing template to make this work?

I understand from Q315158 that since SBS 2000 is a domain controller, .NET
can not create the local ASPNET account since local accounts do not exist on
a domain controller, so it uses the IWAM_computername.

The IIS Lockdown adds IWAM to the "_Web Applications" Group and denys access
to many files and directories for that Group. Even if I use impersonation,
IWAM still tries to do the compiling amongst other things.

I have tried setting up a Custom Account for the ASP.NET worker process per
"Improving Web Application Security: Treats and Countermeasures", Chapter
19 - "Securing Your ASP.NET Application and Web Services",
http://msdn.microsoft.com/library/en-us/dnnetsec/html/THCMCh19.asp. But it
is having problems when accessing SQL Server as if impersonation is not
working even after giving it "impersonate a client after authentication" per
Q324308.

Any ideas?

Thanks,
Doug
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,904
Latest member
HealthyVisionsCBDPrice

Latest Threads

Top