> Basically, this is not recommended because it will make your system
> vulnerable. By running the process as the System account this basically
> means that if anyone were able to get control of this process they would
> have all of the priviledges that SYSTEM would have on the server and as you
> know it has many.
> My suggestion would be to Create a weak account that has the correct
> permissions, and then
> configure the <processModel> section of the Machine.config file to use
> that account.
> Here are some simple steps you can follow to grant NTFS permissions.
> Keep in mind that if you are running the 1.0 framework you will need to
> replace v1.1.4322 with v1.0.3705
> 1. Create the domain user and grant it "Log on as a Service", "Log on as a
> Batch Job", "Deny Logon Locally", ?Access this Computer from the Network?
> 2. Add domain user to the local Users Group
> 3. Grant domain user read access to C:\Winnt\microsoft.net
> 4. Grant domain user Full Control to C:\WINNT\TEMP
> 5. Grant domain user Full Control to
> C:\winnt\Microsoft.Net\framework\v1.1.4322\Tempora ry Asp.Net files
> 6. Grant domain user Read access
> 7. Ensure domain user has Read access
> toC:\Winnt\Microsoft.Net\Framework\v1.1.4322\confi g
> 8. Ensure domain user has Read access to C:\Winnt\Assembly
> Note: You should use the following command to add permissions to this
> folder because it is a special folder and does not have a security tab
> cacls c:\winnt\assembly /e /t /p domain\useraccount:R
> 9. Modify the
> c:\winnt\microsoft.net\framework\v1.1.4322\config\ machine.config under
> <processModel> change these lines to read
> 10. Restart IIS for the machine.config changes to take effect
> You can use the following command to enforce the policy changes without a
> SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE
> This posting is provided "AS IS" with no warranties, and confers no rights.