473,555 Members | 2,297 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Domain controller GPO does not deny logon locally right to IWAM_machinenam e when running aspnet.wp.exe

On a domain controller, the ASPNET (v1.1) worker process (aspnet.wp.exe)
runs under the IWAM_machinenam e acount (IIS 5). I have expressly denied this
user the logon locally right in the domain controller GPO and yet this
profile gets created under the Document and Settings folder. The
IWAM_machinenam e registry hive remains loaded when the process ends. I have
to manually unload it with regedt32.exe. Is this normal behavior?
Nov 18 '05 #1
4 2734
Denying log on locally doesn't prevent a service logon, which is what's
happening in this case. If you don't want the user to logon in any scenario,
you'll need to deny service, batch, and network logon rights too.

--
--
Brian Desmond
Windows Server MVP
de******@payton .cps.k12.il.us

Http://www.briandesmond.com
""Rob"" <@> wrote in message news:uV******** ******@TK2MSFTN GP12.phx.gbl...
On a domain controller, the ASPNET (v1.1) worker process (aspnet.wp.exe)
runs under the IWAM_machinenam e acount (IIS 5). I have expressly denied this user the logon locally right in the domain controller GPO and yet this
profile gets created under the Document and Settings folder. The
IWAM_machinenam e registry hive remains loaded when the process ends. I have to manually unload it with regedt32.exe. Is this normal behavior?

Nov 18 '05 #2
Ok, so why does IWAM_machinenam e registry hive remain loaded when the
aspnet_wp.exe process ends? I have to manually unload it with regedt32.exe.
Is this normal behavior?

Thanks for the tip Brian
--

"Brian Desmond [MVP]" <de******@payto n.cps.k12.il.us > wrote in message
news:%2******** ********@tk2msf tngp13.phx.gbl. ..
Denying log on locally doesn't prevent a service logon, which is what's
happening in this case. If you don't want the user to logon in any scenario, you'll need to deny service, batch, and network logon rights too.

--
--
Brian Desmond
Windows Server MVP
de******@payton .cps.k12.il.us

Http://www.briandesmond.com
""Rob"" <@> wrote in message news:uV******** ******@TK2MSFTN GP12.phx.gbl...
On a domain controller, the ASPNET (v1.1) worker process (aspnet.wp.exe)
runs under the IWAM_machinenam e acount (IIS 5). I have expressly denied

this
user the logon locally right in the domain controller GPO and yet this
profile gets created under the Document and Settings folder. The
IWAM_machinenam e registry hive remains loaded when the process ends. I

have
to manually unload it with regedt32.exe. Is this normal behavior?


Nov 18 '05 #3
IWAM_MachineNam e is an IIS account, not an ASPNet account. IWAM should
unload when the IISAdmin service shutsdown.

--
--
Brian Desmond
Windows Server MVP
de******@payton .cps.k12.il.us

Http://www.briandesmond.com
""Rob"" <@> wrote in message news:eW******** ******@TK2MSFTN GP10.phx.gbl...
Ok, so why does IWAM_machinenam e registry hive remain loaded when the
aspnet_wp.exe process ends? I have to manually unload it with regedt32.exe. Is this normal behavior?

Thanks for the tip Brian
--

"Brian Desmond [MVP]" <de******@payto n.cps.k12.il.us > wrote in message
news:%2******** ********@tk2msf tngp13.phx.gbl. ..
Denying log on locally doesn't prevent a service logon, which is what's
happening in this case. If you don't want the user to logon in any

scenario,
you'll need to deny service, batch, and network logon rights too.

--
--
Brian Desmond
Windows Server MVP
de******@payton .cps.k12.il.us

Http://www.briandesmond.com
""Rob"" <@> wrote in message news:uV******** ******@TK2MSFTN GP12.phx.gbl...
On a domain controller, the ASPNET (v1.1) worker process (aspnet.wp.exe) runs under the IWAM_machinenam e acount (IIS 5). I have expressly
denied this
user the logon locally right in the domain controller GPO and yet this
profile gets created under the Document and Settings folder. The
IWAM_machinenam e registry hive remains loaded when the process ends. I

have
to manually unload it with regedt32.exe. Is this normal behavior?



Nov 18 '05 #4
It doesn't

--

"Brian Desmond [MVP]" <de******@payto n.cps.k12.il.us > wrote in message
news:O6******** ******@TK2MSFTN GP12.phx.gbl...
IWAM_MachineNam e is an IIS account, not an ASPNet account. IWAM should
unload when the IISAdmin service shutsdown.

--
--
Brian Desmond
Windows Server MVP
de******@payton .cps.k12.il.us

Http://www.briandesmond.com
""Rob"" <@> wrote in message news:eW******** ******@TK2MSFTN GP10.phx.gbl...
Ok, so why does IWAM_machinenam e registry hive remain loaded when the
aspnet_wp.exe process ends? I have to manually unload it with

regedt32.exe.
Is this normal behavior?

Thanks for the tip Brian
--

"Brian Desmond [MVP]" <de******@payto n.cps.k12.il.us > wrote in message
news:%2******** ********@tk2msf tngp13.phx.gbl. ..
Denying log on locally doesn't prevent a service logon, which is what's happening in this case. If you don't want the user to logon in any

scenario,
you'll need to deny service, batch, and network logon rights too.

--
--
Brian Desmond
Windows Server MVP
de******@payton .cps.k12.il.us

Http://www.briandesmond.com
""Rob"" <@> wrote in message news:uV******** ******@TK2MSFTN GP12.phx.gbl... > On a domain controller, the ASPNET (v1.1) worker process (aspnet.wp.exe) > runs under the IWAM_machinenam e acount (IIS 5). I have expressly denied this
> user the logon locally right in the domain controller GPO and yet this > profile gets created under the Document and Settings folder. The
> IWAM_machinenam e registry hive remains loaded when the process ends. I have
> to manually unload it with regedt32.exe. Is this normal behavior?
>
>



Nov 18 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
411
by: jano | last post by:
Hi, I am trying to install a web application on an AD domain controller (security risk I know but it is our client's requirement) and i need to give the aspnet account certain permissions. However, the account is not listed in AD users and computers snap-in, though I can see IWAM and IUSR. Where is this account? I have installed the .net...
2
2266
by: Leonard | last post by:
I am using SmtpMail on a couple of ASP.NET pages. When mail is sent to an address outside the domain I get the "Could not access 'CDO.Message' object." error message. I have looked in the newsgroup and I see several entries on this but none that seem to work in my situation. Exchange 2000 is running on same machine as the Web server...
1
1661
by: Drunken Coder | last post by:
I have a small network setup in my home where I have my workstation which is WindowsXP Home Edition and a server running Windows 2000 Server configured as a domain controller. The domain controller has Visual Studio.NET installed on it and IIS is configured. This machine is also hosting my SQL Server 2000. Everything except debugging seems to...
3
2014
by: Richard Chandler | last post by:
We're having a problem with ASP.NET security and running on a Win2k Domain Controller. We can't set up the access rights to the registry for ASPNET as the user doesn't exist, this access is required so that the process can obtain the credentials from the registry (as stamped with aspnet_setreg.exe) and impersonate the required network user....
13
2206
by: | last post by:
Hi all, I'm having some problems after upgrading a windows 2000 Server to Domain Controller. Symptoms: every aspx page returns blank HTTP Response headers: HTTP/1.0 200 OK Server: Microsoft-IIS/5.0 Date: Mon, 07 Jun 2004 19:40:50 GMT X-Powered-By: ASP.NET
0
1479
by: Richard | last post by:
First some background... I have an application whereby I send a mail, attach some attachments stored in the windows/temp directory and then send them. This works fine on 2 servers both are not Domain controllers and therefore run under the ASPNET userID. I have one server (the live one) which is a domain controller and therefore has to...
1
5732
by: SL | last post by:
How do I set up access to a file on a Windows Server 2003 Domain Controller that also has IIS? The file sits on another server. The Domain Controller / IIS server connects to this file through a share. Domain controllers have no local users so ASPNET user is not available. Microsoft states, "On Windows 2003 domain controller servers,...
0
3502
by: Rob Roberts | last post by:
I have developed an ASP.NET 2.0 application using localhost on my Windows XP workstation, and it all works fine there. I tried to copy it to my test web server, which is a domain controller running Windows 2000 Server SP4. I can't get it to work on the server. For testing, I created a simple aspx page with nothing on it except for a label. ...
4
2774
by: Leo | last post by:
Hi, guys. I want to use c# to get the privilege of a domain controller in a non-DC machine as i have the user name and password of DC. But i can't find any functions in MSDN. Has anyone met the same problem? regards Leo.
0
7622
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
7825
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
0
8060
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
0
6176
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
0
3596
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3575
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
2037
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
1
1159
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
0
865
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.