Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 170
  • Last Modified:

Webserver - What account should be running ?

I am running a test web server on windows 2000, and i was wandering, if a web server should be running logged in the Administrator account or should it be running on another type of account ? Is it insecure to have it on the Administrator account ? I hope someone can answer my questions. Thanks in advance.

Regards,

slop
0
mitnick2
Asked:
mitnick2
  • 3
  • 3
1 Solution
 
McscotsmanCommented:
You should be running your IIS services under the LocalSystem account and not the administrator account.
0
 
mitnick2Author Commented:
Thanks for the answer Mcscotsman, but i was talking about the whole machine. Its a win 2k machine running IIS 5, therefore, IIS should be running under localsystem right ? and on what account should the whole system be ? sorry if you find this a stupid question...i am not very experienced.
Thanks

slop
0
 
mitnick2Author Commented:
Thanks for the answer Mcscotsman, but i was talking about the whole machine. Its a win 2k machine running IIS 5, therefore, IIS should be running under localsystem right ? and on what account should the whole system be ? sorry if you find this a stupid question...i am not very experienced.
Thanks

slop
0
Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

 
EmbeddedMindCommented:
Mitnick2, its not a silly question. You really don't need to log in to the system at all for it to act as a server. Its better not to leave it logged in as administrator, for local security purposes. So, don't leave the machine logged in; log in when you need to do something and then log off. Hope this helps.
*Embedded
0
 
mitnick2Author Commented:
Thanks embeddedmind for your advice, it has been useful to me.
0
 
McscotsmanCommented:
Mitnick2 is right. IIS runs as a service. These should start automatically when the system boots (and sometimes they don't start and you have to fix the conflict.) Leaving your system logged on as an administrator also increases some hackers' capapbilities and one way to cercumvent (sp?) this is to use the "run as" command when needing administrative rights for an mmc or the sort.
0
 
McscotsmanCommented:
Sorry, that was EmbeddedMind- not Mitnick2. Cheers.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now