Link to home
Create AccountLog in
Avatar of Member_2_4230068
Member_2_4230068Flag for United States of America

asked on

Security of an account trusted for delegation

I am looking for information on the security of an account trusted for delegation. We would like to use one for communication between IIS and SQL but are debating it due to it having the ability to impersonate accounts. How safe is this? What is there to prevent this account from being an exploit into our network? It is only being used for an intranet site but security risks are being evaluated before using this method.
Avatar of Locklear
Locklear
Flag of Czechia image

You can do few things:
 - limit an account to be trusted for delegation only to specified services (with Kerberos only)
 - limit logon for this account only for specified computer(s)
 - secure communication between IIS and SQL server
 - review system and security logs on regular basis

Hope this help
Avatar of Member_2_4230068

ASKER

I think I've seen that for a full win2k3 installation. We are running in mixed mode currently. Is it still possible?
ASKER CERTIFIED SOLUTION
Avatar of Locklear
Locklear
Flag of Czechia image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account