|
Home > Archive > IIS Server Security > October 2005 > DCOMCnfg permissions for application
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
DCOMCnfg permissions for application
|
|
| Allison Sutherland 2005-10-24, 11:03 am |
| Windows 2003 Server, SP1, IIS6
Primary Web Server.
Special Dashboard Intranet application requires:
1. OfficeAutomationuser to be created.
2. Dcomcnfg - requires user to be added to Word Document application to
Default Access Permissions and Default Launch permissions.
DComcnfg - to Configure My Computer to Edit Default Access and Default
Launch Permissions to add
System, Administrators, Interactive, Everyone, OfficeAutomation User,
IUSR_machine account, IWAM_machine account, and ASPNet account.
Should this worry me. None of these DCom permissions are currently set,
except for System and Administrators and I'm worried that this is
"unsecuring" the web server.
Do you have any comments about this? Is this opening up too much and
creating a security concern on the web server?
Thanks very much,
| |
| Roger Abell [MVP] 2005-10-29, 5:51 pm |
| Looks worrisome to me Allison, but then much depends on the
quality of that component, your trust in those that wrote/provide
it, and its code quality. Also, nature of the IIS box comes into
the picture - are there many authors dynamically changing page
code, or is it a more tightly controlled IIS with "production"
page code staged over. If at will authoring is allowed by many
then you would be granting all of them the ability to start instances
and use this component (Everyone, Interactive and even Iusr_,
Iwam_ if not isolating by different AppPool identities)
"Allison Sutherland" <AllisonSutherland@discussions.microsoft.com> wrote in
message news:BB0F7F6C-5111-4AD6-AF9D-07B1AF4E4F50@microsoft.com...
> Windows 2003 Server, SP1, IIS6
> Primary Web Server.
>
> Special Dashboard Intranet application requires:
> 1. OfficeAutomationuser to be created.
> 2. Dcomcnfg - requires user to be added to Word Document application to
> Default Access Permissions and Default Launch permissions.
>
> DComcnfg - to Configure My Computer to Edit Default Access and Default
> Launch Permissions to add
> System, Administrators, Interactive, Everyone, OfficeAutomation User,
> IUSR_machine account, IWAM_machine account, and ASPNet account.
>
> Should this worry me. None of these DCom permissions are currently set,
> except for System and Administrators and I'm worried that this is
> "unsecuring" the web server.
>
> Do you have any comments about this? Is this opening up too much and
> creating a security concern on the web server?
>
> Thanks very much,
|
|
|
|
|