Why is "Act as part of the operating system" dangerous?


  1. #1

    Why is "Act as part of the operating system" dangerous?

    Hello everybody:

    I have a question: Why is "Act as part of the operating system"
    dangerous? I have an application that will go live on Windows 2000,
    and it impersonates a user; I have to enable it (it copies some files
    in the server and creates a new IIS application on the server. That's
    why it needs to impersonate a user) I am using LogonUser.

    Thanks!

    Arturo
    Arturo Guest

  3. #2

    Re: Why is "Act as part of the operating system" dangerous?

    Act as Part of the Operating System allows the account to do stuff directly
    in kernel mode, bypassing the entire Windows security system if it wants to.
    Essentially, the account is equivalent to SYSTEM.

    Does that answer the question adequately?

    Did you consider the possibility of factoring out this code into a separate
    component that could run under COM+ so that you could specify a particular
    identity to run as? That would be much more secure? Alternately, moving to
    2003 server fixes this problem as well.

    Joe K.

    "Arturo" <arturo-g@lycos.com> wrote in message
    news:e1a45d36.0404130712.5c53e6a7@posting.google.com...
    > Hello everybody:
    >
    > I have a question: Why is "Act as part of the operating system"
    > dangerous? I have an application that will go live on Windows 2000,
    > and it impersonates a user; I have to enable it (it copies some files
    > in the server and creates a new IIS application on the server. That's
    > why it needs to impersonate a user) I am using LogonUser.
    >
    > Thanks!
    >
    > Arturo

    Joe Kaplan (MVP - ADSI) Guest

  4. #3

    Re: Why is "Act as part of the operating system" dangerous?

    > Act as Part of the Operating System allows the account to do stuff directly
    > in kernel mode, bypassing the entire Windows security system if it wants to.
    > Essentially, the account is equivalent to SYSTEM.
    Thanks, Joe. I think I will create a console application and call it.
    That's the easiest solution so far. Thanks!

    Arturo
    Arturo Guest
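
An added example, not part of the original thread: a Python check that reads the `[Privilege Rights]` section of a `secedit /export /cfg rights.inf /areas USER_RIGHTS` file and reports every principal granted `SeTcbPrivilege`, the right the policy editor shows as "Act as part of the operating system". The export text, host name and account name are constructed, and the empty default allowlist is an assumption to adjust per server.

```python
# Added example: audit a secedit user-rights export for SeTcbPrivilege holders.
# SAMPLE_EXPORT is constructed sample data, not taken from a real server.
# Real exports are usually UTF-16; decode with encoding="utf-16" when reading.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeTcbPrivilege = WEBSRV01\\svc_deploy
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_privilege_rights(text):
    """Return {right_name: [principal, ...]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and INF comments
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*'; account names appear bare.
            holders = [h.strip().lstrip("*") for h in value.split(",") if h.strip()]
            rights[name.strip()] = holders
    return rights


def unexpected_tcb_holders(text, allowed=()):
    """List SeTcbPrivilege holders that are not in the allowlist.

    Assumption: no account needs an explicit grant, so the allowlist is empty
    by default. A missing or empty SeTcbPrivilege line yields an empty list.
    """
    allowed_lc = {a.lower() for a in allowed}
    holders = parse_privilege_rights(text).get("SeTcbPrivilege", [])
    return [h for h in holders if h.lower() not in allowed_lc]


if __name__ == "__main__":
    for principal in unexpected_tcb_holders(SAMPLE_EXPORT):
        print("SeTcbPrivilege granted to:", principal)
```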
