Link to home
Start Free TrialLog in
Avatar of dingo2045
dingo2045

asked on

IUSR and IWAM accounts for 2003 domain controller

Hi all,
I have a Windows 2000 domain with 2003 domain controllers. The existing "default domain controllers policy" has settings that allow Log On Locally and Access over the network for the IUSR and IWAM accounts for all the domain controllers. (IIS is not installed on the DCs)

1) Why would these accounts exist?
2) Why would they be given this type of access?

I have recently started work on this domain in terms of re-accessing GPO security settings and no-one here seems to know why these accounts are gievn these rights.
Any thoughts? Thanks,
Mark
ASKER CERTIFIED SOLUTION
Avatar of CptnTrips
CptnTrips

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of dingo2045
dingo2045

ASKER

Thanks CT...that's what I am guessing also.

I am unaware of any other purpose for these accounts, other than IIS related - is there any risk in removing them from the security settings and ultimately deleting them?
No, I don't think so. The best way to test that is to just disable them for a while. If something comes up with them, just re-enable them. If not, dust them.
Thanks for your time!