Domain controller GPO does not deny logon locally right to IWAM_machinename when running aspnet_wp.exe

On a domain controller, the ASPNET (v1.1) worker process (aspnet_wp.exe)
runs under the IWAM_machinename account (IIS 5). I have expressly denied this
user the logon locally right in the domain controller GPO and yet this
profile gets created under the Document and Settings folder. The
IWAM_machinename registry hive remains loaded when the process ends. I have
to manually unload it with regedt32.exe. Is this normal behavior?
Nov 18 '05 #1
Denying log on locally doesn't prevent a service logon, which is what's
happening in this case. If you don't want the user to log on in any scenario,
you'll need to deny service, batch, and network logon rights too.

--
--
Brian Desmond
Windows Server MVP
de******@payton.cps.k12.il.us

Http://www.briandesmond.com

Nov 18 '05 #2
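
The point made in the reply above, checked mechanically. This is an added example, not code from the thread: it parses the `[Privilege Rights]` section of a `secedit /export` INF and reports which of the four deny-logon rights list a given account. The INF text, the account name `IWAM_WEB01` and the SID are constructed, and the function names are hypothetical.

```powershell
# Constructed sample of what `secedit /export /cfg rights.inf /areas USER_RIGHTS`
# writes; the account name and SID below are made up for illustration.
$sampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeDenyInteractiveLogonRight = IWAM_WEB01,*S-1-5-21-1111111111-2222222222-3333333333-501
SeDenyNetworkLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-501
SeBatchLogonRight = IWAM_WEB01,*S-1-5-32-544
[Version]
signature="$CHICAGO$"
'@

# The four deny rights from the reply, keyed by the logon type each one blocks.
$denyRights = [ordered]@{
    'Interactive (log on locally)' = 'SeDenyInteractiveLogonRight'
    'Service'                      = 'SeDenyServiceLogonRight'
    'Batch'                        = 'SeDenyBatchLogonRight'
    'Network'                      = 'SeDenyNetworkLogonRight'
}

# Hypothetical helper: returns a hashtable of right name -> list of accounts/SIDs.
function Get-PrivilegeRights {
    param([string]$InfText)
    $rights = @{}
    $inSection = $false
    foreach ($line in $InfText -split '\r?\n') {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'Privilege Rights'); continue }
        if ($inSection -and $line -match '^(\w+)\s*=\s*(.*)$') {
            $rights[$Matches[1]] = @($Matches[2] -split ',' | ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    $rights
}

# Hypothetical helper: one row per logon type; pass the account name and/or its SID.
function Test-DenyLogonCoverage {
    param([string]$InfText, [string[]]$Identity)
    $rights = Get-PrivilegeRights -InfText $InfText
    foreach ($type in $denyRights.Keys) {
        $members = @($rights[$denyRights[$type]])   # missing right -> nobody denied
        $denied = [bool]($Identity | Where-Object { $members -contains $_ })
        [pscustomobject]@{ LogonType = $type; Right = $denyRights[$type]; Denied = $denied }
    }
}

Test-DenyLogonCoverage -InfText $sampleInf -Identity 'IWAM_WEB01' | Format-Table -AutoSize
```

With the constructed sample, only the interactive row is marked denied, which is the situation described in the question: service, batch and network logons for the account are still permitted.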
Ok, so why does IWAM_machinename registry hive remain loaded when the
aspnet_wp.exe process ends? I have to manually unload it with regedt32.exe.
Is this normal behavior?

Thanks for the tip Brian

Nov 18 '05 #3
IWAM_MachineName is an IIS account, not an ASPNet account. IWAM should
unload when the IISAdmin service shuts down.

--
--
Brian Desmond
Windows Server MVP
de******@payton.cps.k12.il.us

Http://www.briandesmond.com

Nov 18 '05 #4
It doesn't

Nov 18 '05 #5
