I'm setting up a windows 2003 R2 box with iis 6 that pulls from a share. The box will host multiple sites and from reading it is advisable to use a unique IUSR for each. Not a problem. I'd like to make them domain users so that they can be managed in AD.
My question is what are the security concerns when using Domain users as anon users and as user accounts for Application pools. I've noticed that the default domain user has alot of a access to the rest of the domain and I want to make sure that I don't provide people with a nice pool of users with which to go roaming about my network.
Also on the share that is being used should I give all read and write and then use NTFS permissions on the folders themselves to limit read and right.
Have searched on this and have a feeling my search terms are my biggest problem.