Link to home
Start Free TrialLog in
Avatar of mitnick2
mitnick2

asked on

Webserver - What account should be running ?

I am running a test web server on windows 2000, and i was wandering, if a web server should be running logged in the Administrator account or should it be running on another type of account ? Is it insecure to have it on the Administrator account ? I hope someone can answer my questions. Thanks in advance.

Regards,

slop
Avatar of Mcscotsman
Mcscotsman

You should be running your IIS services under the LocalSystem account and not the administrator account.
Avatar of mitnick2

ASKER

Thanks for the answer Mcscotsman, but i was talking about the whole machine. Its a win 2k machine running IIS 5, therefore, IIS should be running under localsystem right ? and on what account should the whole system be ? sorry if you find this a stupid question...i am not very experienced.
Thanks

slop
Thanks for the answer Mcscotsman, but i was talking about the whole machine. Its a win 2k machine running IIS 5, therefore, IIS should be running under localsystem right ? and on what account should the whole system be ? sorry if you find this a stupid question...i am not very experienced.
Thanks

slop
ASKER CERTIFIED SOLUTION
Avatar of EmbeddedMind
EmbeddedMind

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks embeddedmind for your advice, it has been useful to me.
Mitnick2 is right. IIS runs as a service. These should start automatically when the system boots (and sometimes they don't start and you have to fix the conflict.) Leaving your system logged on as an administrator also increases some hackers' capapbilities and one way to cercumvent (sp?) this is to use the "run as" command when needing administrative rights for an mmc or the sort.
Sorry, that was EmbeddedMind- not Mitnick2. Cheers.