hello,experts
i can see such info in win2k system log (security log):
successful network logon : user:IUSR_Server domain:Server logon ID:(0x0,0x9D3DD)
logon model: 3 logon procedure: IIS
authentication process:MICROSOFT_AUTHENTI
workstation:Server
how this happen?can they really logon my system? what can they do on my machine? i have stoped the SERVER process.but the same infomation still happen at about 03:00~05:00.
what can i do then?i want to make my system more strong.
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
The IUSR_Server account is the generic account used to access resources over HTTP that the server is providing. This account should not be used to access anything but web-content. If this server is running IIS 5.0, then you must consider running the IIS lock-down tool to secure Windows 2000 and IIS.
A better option would be to ugrade your installation to Windows Server 2003 and IIS 6.0.
/F
Hi Firebar,
what shall i do to get "This account should not be used to access anything but web-content".whether the account should be delete from the guest groups? i will study the IIS lock-down tool.
Hi Trenes,
i intall the MBSA tool on the server at Friday,but it can't run ,i don't konw what 's the problem.
what document i can study to find what the IUSR_Server 's info,i think i must study it .
The IIS lock-down tool can be downloaded from Microsoft's web-site.
Try: http://www.google.com/micr
I would start by determining the group membership the IUSR account has involvment. Take the critical areas of the filesystem and make sure that user account and it's groups do not have unauthorized access to that filesystem. The IIS lock-down tool will help to do exactly that.
/F
Please don't delete the IUSR account, otherwise your web server won't work, and IIS will undoubtedly need reinstalling!
MSBA 2.0 is a good start - but think about other things too -ie physical security, policies, procedures, run regular vulnerability scans, as MSBA alone will not offer you compelte protection.
Business Accounts
Answer for Membership
by: trenesPosted on 2006-11-25 at 05:24:41ID: 18011241
Hi martinbjlee,
Run the Microsoft Baseline Security Tool to see if you are well protected or not.
IUSR user is used by IIS and I think its just the IIS process that logs on not a user but run the MBSA tool.
http://www.microsoft.com/t
Cheers!
regards,
Trenes