Re: iis6 / windows server 2003/ network service account
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 03/24/04
- Next message: foldface_at_yahoo.co.uk: "Command line scripts and Win XP Pro"
- Previous message: David Wang [Msft]: "Re: IIS 6.0, InterDev 6.0 and DTC"
- In reply to: jzink: "Re: iis6 / windows server 2003/ network service account"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 24 Mar 2004 02:36:29 -0800
IIS reads some startup configuration values from very selected nodes in the
registry, which IIS_WPG has been ACL'd for access. Here's the list:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iissdk/iis/ref_reg_globalentries.asp
I suggest you start looking at what is changing ACLs on your system without
your knowledge since that is far more dangerous to the stability of your
server.
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"jzink" <anonymous@discussions.microsoft.com> wrote in message
news:B3CB0931-FF2F-4B4E-85FF-9BA0F7B36619@microsoft.com...
It's not the application that is accessing the registry, it's IIS. By
using the regmon utility from sysinternals we could see that IIS was failing
because "network service" could not read the registry. The app has been
working for over 2 months and we suddenly ran into the problem yesterday.
Unfortunately, we don't have a policy in place to audit the modifying of the
registry. So I am trying to figure out why network service lost it's
permissions to read the necessary keys that iis requires it to read.
----- Desmond Lam wrote: -----
Network Service account only has limited priviledges on the system. By
default, it should not have any explicit permission to the registry. I
have
also verified it on my machine as well. If your application needs to
access
the registry, and the app pool (worker process) hosting application is
running as network service account, it will encounter problems.
Hence it should not the case as erroeous code causing the "network
service
to loss registry permission".
Hope it helps,
"jzink" <anonymous@discussions.microsoft.com> wrote in message
news:39BEB2DA-6999-4AB1-841C-F6D8EB5A0D5B@microsoft.com...
> just had my production site crash. was getting error service
unavailable.
restarted iis, rebooted, nothing was working. after working with
microsoft
on the problem it was determined that when the site was trying to load
the
network service account was getting registry read errors. regranted
the
network service account read access to the hklm root and everything
worked
fine. this app is fairly new and was wondering if anyone had any ideas
on
what could cause this type of a problem. a new norton anti virus file
was
pushed to the server around the time of the problem, but i doubt that
could
do it ? could it be some erroneous code ? not sure how code could
cause
network service to loose it's registry permissions
>> any ideas would be appreciated
- Next message: foldface_at_yahoo.co.uk: "Command line scripts and Win XP Pro"
- Previous message: David Wang [Msft]: "Re: IIS 6.0, InterDev 6.0 and DTC"
- In reply to: jzink: "Re: iis6 / windows server 2003/ network service account"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
