Professional Web Applications Themes

Why is "Act as part of the operating system" dangerous? - ASP.NET Security

Hello everybody: I have a question: Why is "Act as part of the operating system" dangerous? I have an application that will go live on Windows 2000, and it impersonates a user; I have to enable it (it copies some files in the server and creates a new IIS application on the server. That's why it needs to impersonate a user) I am using LogonUser. Thanks! Arturo...

  1. #1

    Default Why is "Act as part of the operating system" dangerous?

    Hello everybody:

    I have a question: Why is "Act as part of the operating system"
    dangerous? I have an application that will go live on Windows 2000,
    and it impersonates a user; I have to enable it (it copies some files
    in the server and creates a new IIS application on the server. That's
    why it needs to impersonate a user) I am using LogonUser.

    Thanks!

    Arturo
    Arturo Guest

  2. #2

    Default Re: Why is "Act as part of the operating system" dangerous?

    Act as Part of the Operating System allows the account to do stuff directly
    in kernel mode, bypassing the entire Windows security system if it wants to.
    Essentially, the account is equivalent to SYSTEM.

    Does that answer the question adequately?

    Did you consider the possibility of factoring out this code into a seperate
    component that could run under COM+ so that you could specify a particular
    identity to run as? That would be much more secure? Alternately, moving to
    2003 server fixes this problem as well.

    Joe K.

    "Arturo" <arturo-glycos.com> wrote in message
    news:e1a45d36.0404130712.5c53e6a7posting.google.c om...
    > Hello everybody:
    >
    > I have a question: Why is "Act as part of the operating system"
    > dangerous? I have an application that will go live on Windows 2000,
    > and it impersonates a user; I have to enable it (it copies some files
    > in the server and creates a new IIS application on the server. That's
    > why it needs to impersonate a user) I am using LogonUser.
    >
    > Thanks!
    >
    > Arturo

    Joe Kaplan \(MVP - ADSI\) Guest

  3. #3

    Default Re: Why is "Act as part of the operating system" dangerous?

    > Act as Part of the Operating System allows the account to do stuff directly
    > in kernel mode, bypassing the entire Windows security system if it wants to.
    > Essentially, the account is equivalent to SYSTEM.
    Thanks, Joe. I think I will create a console application and call it.
    That's the easyest solution so far. Thanks!

    Arturo
    Arturo Guest

Similar Threads

  1. Is it dangerous to set "JRunConfig Verbose true"?
    By kladini in forum Coldfusion Server Administration
    Replies: 1
    Last Post: October 16th, 11:48 PM
  2. Getting "A potentially Dangerous Request.Cookies Value" error
    By Cesar Saucedo in forum ASP.NET Security
    Replies: 0
    Last Post: June 24th, 09:01 PM
  3. lost part of my "/usr/local"-filesystem - debian(woody)
    By F. Kappen in forum Linux Setup, Configuration & Administration
    Replies: 3
    Last Post: August 15th, 06:11 AM
  4. Replies: 0
    Last Post: July 16th, 06:07 AM
  5. Lsass.exe System error "object name not found". System keeps rebooting
    By Deepak in forum Windows Setup, Administration & Security
    Replies: 0
    Last Post: July 14th, 04:10 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139