NOTE : This article discusses a BETA product and can change. You still do have the option to change the identity back to Network Service. What this means is that you now need to ACL your content based on this ephemeral ApplicationPoolIdentity account (IIS APPPOOL\ApplicationPool ) instead of the NTAuthority\Network Service.
Microsoft iis 5 windows#
Managed Service Accounts are a new concept in Win 7 / Windows 2008 R2 you can read more about them here
Microsoft iis 5 windows 7#
Going forward in Windows Server 2008 R2 and Windows 7 by default the worker process will now be run as the ApplicationPoolIdentity which is a Managed Service Account. With IIS 7.5 security is being tightened further and now the w3wp.exe process by default uses the ApplicationPoolIdentity to run. But in IIS 7.0 we still use Network Service to launch the w3wp.exe process. If any other application pool tried to access/run the content a 401.3 Unauthorized error message will be thrown. This would mean your content will only be available to the TestWebSite Application Pool. Instead of using the generic IUSR account you can now ACL your content using the ApplicationPoolIdentity. The ApplicationPoolIdentity can also be used as the account for Anonymous Authentication. This adds a new layer of security as now the configuration file is only accessible by that application pool. The configuration file is ACL’ed using the ApplicationPoolIdentity (IIS APPPOOL\ApplicationPoolName). IIS 7.0 creates an ephemeral configuration file in C:\inetpub\temp\appPools and uses it.
With IIS 7.0 a new concept of ApplicationPoolIdentity was introduced.
All guidance/documentation recommend running the worker process under the Network Service. Network Service is a low privilege predefined account that was introduced in Windows 2003. To increase security IIS 6.0 by default launched the worker process using the NTAuthority\Network Service account. There is a ton of information for people moving from IIS 6 to IIS 7 but not from IIS 5. As an architectural change the worker process w3wp.exe was introduced. Hello, I was doing some research on migrating from IIS 5.0 to IIS 7.0 and didn't find much. IIS 6.0 introduced a lot of features to increase reliability and security.
0 kommentar(er)
