Understanding IUSR_<machine> account
Posted
by
liho1eye
on Server Fault
See other posts from Server Fault
or by liho1eye
Published on 2011-01-28T20:54:02Z
Indexed on
2011/01/28
23:28 UTC
Read the original article
Hit count: 181
Namely how is setting read/write permission for this account different from giving read/write access in the IIS (Windows 2003, so it should be IIS6 if I am not mistaken).
Here is the issue: It looks like we had a security sweep and as a part of that IUSR account lost write access everywhere. A whole bunch of legacy ASP sites didn't like that at all...
My very surfacish understanding is that it is enough to deny write access in the IIS console to protect a website from someone just dropping random files into it, and IUSR access only has effect on the application scripts running server side, and thus can be safely given write access back.
edit:
The applications in question obviously require write access to their own web folders, otherwise this wouldn't be an issue at all. Question is how to configure IIS/application to both satisfy security and make them work. My first instinct was to change account which is used to run the app pool. However that is already set to NETWORK_SERVICE, and that guy already has full access to folders in question.
© Server Fault or respective owner