"Dale Harris" <no****@harriscorp.comwrote in message
news:a5******************@news.teranews.com...
Is there anything special about the IIS_USR created by Windows for the
anonymous IIS user? I see that it's merely part of the 'Guest Users'
group.
It's an account with just enough permissions and privileges to process
incoming HttpRequests and serve outgoing HttpResponses.
Is there anything else that sets it apart?
Not really, other than that the above is pretty much all it can do...
Can I just make my own user, add it to the 'Guest Users' group and replace
the IIS_USR with it with no ill-effects?
Yes you can. In fact, if you need your web app to do anything which requires
anything more than the most basic permissions, you'll have to modify it
anyway. E.g. if you need your app to query Active Directory, it will need to
run in the context of an account which is a member at least of the Domain
Users group...
Some people typically create a user account just for web apps and assign it
more granular permissions, then make the whole web app run in the context of
that user account.
Alternatively, it's possible to make individual pages / functions run in the
context of a different account so that only those portions of the web app
which require elevated privileges are affected.
http://www.google.co.uk/search?sourc...+impersonation
--
Mark Rae
ASP.NET MVP
http://www.markrae.net