Re: IIS & SQL, dedicated user account & GPO
- From: "Steve Foster [SBS MVP]" <steve.foster@xxxxxxxxxxxxx>
- Date: Fri, 06 Jan 2006 09:01:44 -0800
ChipW wrote:
SBS'03 Prem SP1, using ISA'04
I am setting up a dedicated IIS server (2 nics) for hosting a site that will use data from a SQL DB on the SBS server (2 nics). From what I read, a dedicated domain user account is the securest way to allow IIS to access SQL without a lot of maintenance . My problem/question comes in at the GPO problems I could experiance. I have password changes forced every 45 days (yes, strong), but I don't want this account to have to change. Also, is thier an easy way to setup this account without all the frills the wizard normally adds, like mailboxes, etc. Basically all I want the account to be able to do is allow IIS to access the tables and queries I specify in EM and nothing else...
Thanks is advance
Chip
Create the account using the normal AD methods, rather than the SBS wizards.
Secondly, tick the "Password Never Expires" box in the account properties to effectively exempt it from the password GPO.
Mind you, you should find that you have a suitable user account already - the IUSR_* or IWAM_* account for the IIS server.
-- Steve Foster [SBS MVP] --------------------------------------- MVPs do not work for Microsoft. Please reply only to the newsgroups. .
- Follow-Ups:
- Re: IIS & SQL, dedicated user account & GPO
- From: ChipW
- Re: IIS & SQL, dedicated user account & GPO
- References:
- IIS & SQL, dedicated user account & GPO
- From: ChipW
- IIS & SQL, dedicated user account & GPO
- Prev by Date: Re: SBS/Network/Router/ISA Configuration
- Next by Date: Re: Tracking log in / log out times
- Previous by thread: Re: IIS & SQL, dedicated user account & GPO
- Next by thread: Re: IIS & SQL, dedicated user account & GPO
- Index(es):
Relevant Pages
|
