<div>
You can do few things:<br />
&nbsp;- limit an account to be trusted for delegation only to specified services (with Kerberos only)<br />
&nbsp;- limit logon for this account only for specified computer(s)<br />
&nbsp;- secure communication between IIS and SQL server <br />
&nbsp;- review system and security logs on regular basis<br />
<br />
Hope this help
</div>


You can do few things:
 - limit an account to be trusted for delegation only to specified services (with Kerberos only)
 - limit logon for this account only for specified computer(s)
 - secure communication between IIS and SQL server
 - review system and security logs on regular basis

Hope this help

<div>
I think I've seen that for a full win2k3 installation. We are running in mixed mode currently. Is it still possible?
</div>


I think I've seen that for a full win2k3 installation. We are running in mixed mode currently. Is it still possible?

<div>
<div class="content wysiwyg-content">
I am looking for information on the security of an account trusted for delegation. We would like to use one for communication between IIS and SQL but are debating it due to it having the ability to impersonate accounts. How safe is this? What is there to prevent this account from being an exploit into our network? It is only being used for an intranet site but security risks are being evaluated before using this method.
</div>
</div>


I am looking for information on the security of an account trusted for delegation. We would like to use one for communication between IIS and SQL but are debating it due to it having the ability to impersonate accounts. How safe is this? What is there to prevent this account from being an exploit into our network? It is only being used for an intranet site but security risks are being evaluated before using this method.

Security of an account trusted for delegation

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.