ASPNET User ID - Newbie ?'s, apologies

[John]

Sorry for the newbie questions but after looking over
this and other newsgroups I haven't come across the
answers:

I'm trying to determine how I got a User ID = ASPNET with
"user" privilages on my Win2K desktop. What it's there
for and what would happen if I deleted or disabled the
account. Can anyone point me to some direct reading
material on this - or provide a simple answer? As you can
see from the questions, I'm fairly new to this subject.

[Chris Jackson]

The ASPNET account is the user account that is set up for ASP.NET to run
under. It runs under its own account so that this account can be
specifically granted a limited set of privileges - just enough to run
ASP.NET applications, and no more. If you are not doing ASP.NET web
development, then this account isn't doing anything useful for you, nor is
it harming you.

--
Chris Jackson
Software Engineer
Microsoft MVP - Windows Client
Windows XP Associate Expert
--
More people read the newsgroups than read my email.
Reply to the newsgroup for a faster response.
(Control-G using Outlook Express)
--

"John" <anonymous@discussions.microsoft.com> wrote in message
news:00a401c3be87$3976df60$a501280a@phx.gbl...

> Sorry for the newbie questions but after looking over
> this and other newsgroups I haven't come across the
> answers:
>
> I'm trying to determine how I got a User ID = ASPNET with
> "user" privilages on my Win2K desktop. What it's there
> for and what would happen if I deleted or disabled the
> account. Can anyone point me to some direct reading
> material on this - or provide a simple answer? As you can
> see from the questions, I'm fairly new to this subject.

[John]

Chris, Thanks for your speedy and helpful reply. My
concern as a 'Info Security' guy is that someone could make
use of a 'standard' ID for purposes other than I might
intend - OR might use such an ID as an opening point in a
scripted exploit that I might be able to avoid if I
actually knew what the heck I was looking at re this ID.
From your response, it looks as though I'm not going to
have any problems if I disable the account, so I think
that's my best tactic for the moment. I would still like
to know a little more about this...any recommended info
sites or reading? Again, thanks for your input. John

>-----Original Message-----
>The ASPNET account is the user account that is set up for

ASP.NET to run

>under. It runs under its own account so that this account

can be

>specifically granted a limited set of privileges - just

enough to run

>ASP.NET applications, and no more. If you are not doing

ASP.NET web

>development, then this account isn't doing anything useful

for you, nor is

>it harming you.
>
>--
>Chris Jackson
>Software Engineer
>Microsoft MVP - Windows Client
>Windows XP Associate Expert
>--
>More people read the newsgroups than read my email.
>Reply to the newsgroup for a faster response.
>(Control-G using Outlook Express)
>--
>
>"John" <anonymous@discussions.microsoft.com> wrote in

message

>news:00a401c3be87$3976df60$a501280a@phx.gbl...

>> Sorry for the newbie questions but after looking over
>> this and other newsgroups I haven't come across the
>> answers:
>>
>> I'm trying to determine how I got a User ID = ASPNET

with

>> "user" privilages on my Win2K desktop. What it's there
>> for and what would happen if I deleted or disabled the
>> account. Can anyone point me to some direct reading
>> material on this - or provide a simple answer? As you

can

>> see from the questions, I'm fairly new to this subject.

>
>
>.
>

[Chris Jackson]

What more are you interested in knowing? It's a standard Windows user
account, with limited privileges that will let it run ASP.NET sites and not
much else. While it does have some rights (because ASP.NET requires some)
it's definitely not admin, and it doesn't have a blank password. It's a
system generated password as well. I don't consider it a security hole, but
anything you aren't using can clearly be disabled. I don't believe it even
installs if IIS is not present (although I can't verify this, because I
don't have any boxes without IIS on them), and IIS is much more of a threat
surface than a user account with limited privileges and a strong password
is.

--
Chris Jackson
Software Engineer
Microsoft MVP - Windows Client
Windows XP Associate Expert
--
More people read the newsgroups than read my email.
Reply to the newsgroup for a faster response.
(Control-G using Outlook Express)
--

"John" <anonymous@discussions.microsoft.com> wrote in message
news:1064e01c3be8c$6addde50$a601280a@phx.gbl...

> Chris, Thanks for your speedy and helpful reply. My
> concern as a 'Info Security' guy is that someone could make
> use of a 'standard' ID for purposes other than I might
> intend - OR might use such an ID as an opening point in a
> scripted exploit that I might be able to avoid if I
> actually knew what the heck I was looking at re this ID.
> From your response, it looks as though I'm not going to
> have any problems if I disable the account, so I think
> that's my best tactic for the moment. I would still like
> to know a little more about this...any recommended info
> sites or reading? Again, thanks for your input. John
>

> >-----Original Message-----
> >The ASPNET account is the user account that is set up for

> ASP.NET to run

> >under. It runs under its own account so that this account

> can be

> >specifically granted a limited set of privileges - just

> enough to run

> >ASP.NET applications, and no more. If you are not doing

> ASP.NET web

> >development, then this account isn't doing anything useful

> for you, nor is

> >it harming you.
> >
> >--
> >Chris Jackson
> >Software Engineer
> >Microsoft MVP - Windows Client
> >Windows XP Associate Expert
> >--
> >More people read the newsgroups than read my email.
> >Reply to the newsgroup for a faster response.
> >(Control-G using Outlook Express)
> >--
> >
> >"John" <anonymous@discussions.microsoft.com> wrote in

> message

> >news:00a401c3be87$3976df60$a501280a@phx.gbl...

> >> Sorry for the newbie questions but after looking over
> >> this and other newsgroups I haven't come across the
> >> answers:
> >>
> >> I'm trying to determine how I got a User ID = ASPNET

> with

> >> "user" privilages on my Win2K desktop. What it's there
> >> for and what would happen if I deleted or disabled the
> >> account. Can anyone point me to some direct reading
> >> material on this - or provide a simple answer? As you

> can

> >> see from the questions, I'm fairly new to this subject.

> >
> >
> >.
> >

[Holly Mazerolle]

Take a look at the following article for more info:

317012 INFO: Process and Request Identity in ASP.NET
[url]http://kb/article.asp?id=Q317012[/url]

This posting is provided "AS IS" with no warranties, and confers no rights.

[Chris Jackson]

Or, if you don't happen to be on the Microsoft LAN, you might try this link:

[url]http://support.microsoft.com/default.aspx?scid=kb;[/url][LN];317012

;-)

--
Chris Jackson
Software Engineer
Microsoft MVP - Windows Client
Windows XP Associate Expert
--
More people read the newsgroups than read my email.
Reply to the newsgroup for a faster response.
(Control-G using Outlook Express)
--

"Holly Mazerolle" <hollymamsft@online.microsoft.com> wrote in message
news:4yYcAUzvDHA.3860@cpmsftngxa07.phx.gbl...

> Take a look at the following article for more info:
>
> 317012 INFO: Process and Request Identity in ASP.NET
> [url]http://kb/article.asp?id=Q317012[/url]
>
> This posting is provided "AS IS" with no warranties, and confers no

rights.

>

[Holly Mazerolle]

Sorry about that here is the correct link. :-)

317012 INFO: Process and Request Identity in ASP.NET
[url]http://support.microsoft.com/?id=317012[/url]