Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Grant IIS server account network access

Posted on 2009-05-04
6
Medium Priority
?
353 Views
Last Modified: 2012-08-14
I have a server running IIS6 that we need to be able to access network resources on our network.  The server that it is on right now is not a domain controller.  Our domain controller does not have IIS installed on it.  How can I get the IUSR_SERVER1 account to be able to access other servers?
0
Comment
Question by:sharkbot221984
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 22

Expert Comment

by:cj_1969
ID: 24304564
Try granting the AD\<MachineName>$ account access to the resource and see if this grants it access.
Or try granting <MachineName>\IUSR_<MachineName> access.
0
 
LVL 8

Author Comment

by:sharkbot221984
ID: 24307586
The user that needs this went in and put his information DOMAIN\username in place of the IUSR_machinename and claims that is letting him do what he needs for now.  If this is true, I guess I could just create a domain account just for this purpose, but wouldn't that pose a security issue?
0
 
LVL 22

Expert Comment

by:cj_1969
ID: 24307737
yes ... it means that if anyone hacks the website they can execute code or access any resources that those credentials can.

That said ... this is also a legitimate way to deal with the problem.  It is a question of risk versus being able to do what you want to do.

A service account is definitely recommended over a user account as you are starting from scratch with permissions and you have some semblance of control over what it can access, there by limiting your risk and exposure if the site is compromised.  Same idea as changing the application pool logon ID to get code to do what you want.
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 8

Author Comment

by:sharkbot221984
ID: 24308400
Okay that confirms what I was thinking, it's a catch 22.  I create a service account that makes it easy to have the websites gain access to resources needed that are stored on other servers, but that also creates a security issue.

I noticed in our AD, someone created a user account called IUSR_SERVER, but I've not seen this setup as the IUSR account on any other server.  Any thoughts as to why this is done?  Was/is this an attempt at a service account that's more secure than a general user account?
0
 
LVL 22

Accepted Solution

by:
cj_1969 earned 2000 total points
ID: 24308615
I t could be ... I don't think an IUSR_<> account is created in AD by anything as a default.  

I just found this page, take a look at it, it might have some other options that you can use ... http://imar.spaanjaars.com/QuickDocId.aspx?quickdoc=276

0
 
LVL 8

Author Closing Comment

by:sharkbot221984
ID: 31577821
I agree, I think the IUSR_<> account in AD wasn't made by default.  Looks like that link is a good guide for all the options.  I think the service acount in AD is the best choice, just give it access to only that which you need it to, and give it a very strong password.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question