Security regarding IUSR_ASP & IWAM_ASP on IIS 6.0

             Will there be any security risk for my system after i allow FULL ACCESS to IUSR_ASP & IWAM_ASP IIS accounts on websites that i host from Windows 2003 Enterprise Edition ? If yes, then what do i need to take into consideration ? waiting for your reply. Thank you

Who is Participating?
Ramesh SrinivasConnect With a Mentor Technical ConsultantCommented:
Hi there,

Firstly, Why would you want to give the entire website full access?
Do you mean the root folder or a subfolder?
Assigning full access to this account for specific subfolders is not a problem and you are safe to do so providing they are a logical layer of your app and do not contain executable scripts etc.

For example, giving full permission to the account on a subfolder where images/pdfs are created and stored is perfectly safe.

Giving full permission to the account on subfolders/root folders where there are scripts etc is not recommended as far as I am aware.

Saying this, the general consensus would be that there is no security risk unless some hostile
person can somehow take control of your ASP.Net app.

The following link can give you some details on what permissions the aspnet account has by default:

Hope that helps.



No Response to Expert.
Force closed.
Community Support Moderator
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.