mitnick2
asked on
Webserver - What account should be running ?
I am running a test web server on windows 2000, and i was wandering, if a web server should be running logged in the Administrator account or should it be running on another type of account ? Is it insecure to have it on the Administrator account ? I hope someone can answer my questions. Thanks in advance.
Regards,
slop
Regards,
slop
You should be running your IIS services under the LocalSystem account and not the administrator account.
ASKER
Thanks for the answer Mcscotsman, but i was talking about the whole machine. Its a win 2k machine running IIS 5, therefore, IIS should be running under localsystem right ? and on what account should the whole system be ? sorry if you find this a stupid question...i am not very experienced.
Thanks
slop
Thanks
slop
ASKER
Thanks for the answer Mcscotsman, but i was talking about the whole machine. Its a win 2k machine running IIS 5, therefore, IIS should be running under localsystem right ? and on what account should the whole system be ? sorry if you find this a stupid question...i am not very experienced.
Thanks
slop
Thanks
slop
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks embeddedmind for your advice, it has been useful to me.
Mitnick2 is right. IIS runs as a service. These should start automatically when the system boots (and sometimes they don't start and you have to fix the conflict.) Leaving your system logged on as an administrator also increases some hackers' capapbilities and one way to cercumvent (sp?) this is to use the "run as" command when needing administrative rights for an mmc or the sort.
Sorry, that was EmbeddedMind- not Mitnick2. Cheers.