Security Basics mailing list archives

Re: Application Pool - Service Account Permissions


From: krymson () gmail com
Date: Thu, 21 Jul 2011 17:57:52 GMT

That is indeed a high risk. I'm not sure if they apply to IIS 7.5/Server 2008, but there have been recent .NET patches 
from Microsoft that fix issues where malicious code can take over that app pool account, especially if you allow users 
to upload content into a web-executable location.

Almost certainly, giving local admin rights is the poor (or time-starved) man's solution to, "My app isn't running 
because of a permissions problem." It certainly is correct to open up with a test under local admin rights, but to stop 
there is a travesty. More than likely the account just needs a few 'read' and maybe (if you're unlucky) some 'modify' 
rights on various local locations on the server. Some time taken during testing to have a sys admin watch execution 
using Filemon should reveal any needs.

Since you're using the same account across a few systems, perhaps this gets a bit hairy. I'm not sure the whole "dmz 
web farm" and "internal web farm" separation is strictly adhered to these days. Often you get the web (IIS 7.5) and app 
(app pool) "separated" but really just running on the same box.

It is certainly possible it does need high rights, if it is so poorly written and relies on way more things on the 
server than it should, but the app owner should still know every specific reason why. 

Also, hopefully your developers don't have access to that service account password! 


<- snip ->
Hi Folks,

Just want to see what your thoughts were on a 2008R2 IIS7.5 application
pool identity user having local administrative privileges for a complex
internet facing .NET web application? I was always taught that this is
high risk, but maybe things have changed. The basic setup is supposed to
be this. A front end (dmz zone) web farm, back end (trust zone) web farm,
all connected to the same domain, using the same domain service account
that will need to be in the local administrators group on all the servers.
I have a feeling the application can be coded differently and I don't have
a real answer yet to why it needs to be this way.

Anyone have any thoughts?

Thanks in advance!!
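
Added example, not part of either message in the thread: one way to turn the "watch execution with Filemon" advice into a short list of grants. It assumes the trace was exported as CSV from Process Monitor (Filemon's successor) while the app pool ran under a non-admin test account; the column layout, paths and the account name `EXAMPLE\svc-apppool` are constructed placeholders.

```python
import csv
import io
import ntpath

# Constructed sample modelled on a Process Monitor CSV export; the column set
# and the paths are assumptions, not data from the thread.
SAMPLE_TRACE = r'''"Process Name","Operation","Path","Result","Detail"
"w3wp.exe","CreateFile","D:\Sites\shop\App_Data\cache.xml","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf"
"w3wp.exe","CreateFile","D:\Sites\shop\App_Data\settings.xml","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open"
"w3wp.exe","CreateFile","C:\ProgramData\Vendor\license.dat","ACCESS DENIED","Desired Access: Generic Read, Disposition: Open"
"w3wp.exe","CreateFile","D:\Sites\shop\web.config","SUCCESS","Desired Access: Generic Read, Disposition: Open"
"svchost.exe","CreateFile","C:\Windows\Temp\x.tmp","ACCESS DENIED","Desired Access: Generic Write, Disposition: Create"
'''

WRITE_TOKENS = ("write", "delete", "append")  # any of these implies 'modify'


def needed_rights(trace_csv, process="w3wp.exe"):
    """Map each directory to the least right ('read' or 'modify') that would
    have satisfied the worker process's denied file opens."""
    needs = {}
    for row in csv.DictReader(io.StringIO(trace_csv)):
        if row["Process Name"].lower() != process or row["Result"] != "ACCESS DENIED":
            continue
        # Look only at the requested access, not at "Disposition: OverwriteIf".
        access = row["Detail"].split("Disposition:")[0].lower()
        right = "modify" if any(t in access for t in WRITE_TOKENS) else "read"
        folder = ntpath.dirname(row["Path"])
        if right == "modify" or folder not in needs:
            needs[folder] = right  # never downgrade modify back to read
    return needs


def icacls_commands(needs, account=r"EXAMPLE\svc-apppool"):
    """Render the grants as icacls lines for an admin to review before use.
    The account name is a placeholder."""
    flag = {"read": "R", "modify": "M"}
    return ['icacls "%s" /grant "%s:(OI)(CI)%s"' % (d, account, flag[r])
            for d, r in sorted(needs.items())]


if __name__ == "__main__":
    for line in icacls_commands(needed_rights(SAMPLE_TRACE)):
        print(line)
```

Any 'modify' grant that lands under the site root deserves a second look, since that is the web-executable upload location the reply warns about.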
