Security Basics mailing list archives
Re: IIS6
From: Nicholas Diotte <xphox () xphox net>
Date: 7 Apr 2004 18:15:36 -0000
In-Reply-To: <8858C6182FCC434C9331054F989E01735D33BF () dsw29 wattens swarovski com> Thomas, I'm not a 100% sure on this, but I think the problem lies with the default application pool that is created for IIS. If I understand correctly, programs assigned to run under it run as "Network Service", which probably does not have the correct rights. I could be completely off ball on this, but you could try creating a user account, and assign it the proper permissions to be able to access the files, then run as that user, instead of a network service. Also don't forget to add that newly created user to IIS_WPG group, or you won't get very far... If this has pointed you in the wrong direction, please forgive me... Thank you, Nick
Dear list, some of our users want to use ftp for changing files with external partners. We use WS_FTP 4.02 Server and have a http frontend for our users. They connect to our intranetserver and come to a page where they can create ftp accounts which are automatically deleted after three days. The site is programmed in php an the script runs the iftpaddu.exe to create the users. Until now we used Apache on our intrantserver where everything worked fine. Now we migrated to IIS6 on Windows 2003 and when a user without admin permissions runs this script on the intranet page it doesn't work. Local Admin Users can still use the feature and create users. Can you tell me in which user context such a script runs on the IIS and where i can configure this permission? When logging on to a server with a non admin user and running the iftpaddu.exe everything works fine - so the error must be somewhere in the permissions of iis. Thanks, Thomas
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- IIS6 Locher Thomas (Apr 07)
- <Possible follow-ups>
- Re: IIS6 Nicholas Diotte (Apr 07)