Avatar of Member_2_4230068
Member_2_4230068
Flag for United States of America asked on

Security of an account trusted for delegation

I am looking for information on the security of an account trusted for delegation. We would like to use one for communication between IIS and SQL but are debating it due to it having the ability to impersonate accounts. How safe is this? What is there to prevent this account from being an exploit into our network? It is only being used for an intranet site but security risks are being evaluated before using this method.
SecurityActive Directory

Avatar of undefined
Last Comment
Locklear

8/22/2022 - Mon
Locklear

You can do few things:
 - limit an account to be trusted for delegation only to specified services (with Kerberos only)
 - limit logon for this account only for specified computer(s)
 - secure communication between IIS and SQL server
 - review system and security logs on regular basis

Hope this help
Member_2_4230068

ASKER
I think I've seen that for a full win2k3 installation. We are running in mixed mode currently. Is it still possible?
ASKER CERTIFIED SOLUTION
Locklear

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy