IIS Server Security - IIS Server default user account reset after patching?

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > March 2005 > IIS Server default user account reset after patching?





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author IIS Server default user account reset after patching?
Steve Marshall

2005-03-16, 5:58 pm

We have a clustered application that required the use of a specific account
for anonymous access. The application was configured with a local user
account on each node in the cluster and has been working correctly since
November. This week 2 situations occured that caused both nodes in the
cluster to fail simultaniously. The issue was traced back to the fact that
the account setup in IIS had been replaced back with the IUSR_Machinename
account. The machines are tightly controlled and have very limited access
for someone to be able to make a change of this nature.
Is it possible that a windows security patch could have reset this account?
We automate our patching and keep up to date with new patches as they are
released. The latest round of patches were installed on the 20th Feb. If
this is not possible could it be something within the cluster that changed
the user account back? (I am doubting this to be the case since the server
has been running since November without incident).

Any help on this issue is much appreciated.

Steve
Jason Brown [MSFT]

2005-03-17, 7:52 am

As far as I'm aware, no patch should reset these settings. Did you apply any
security templates, or restore a metabase?

are you able to repeat this to pin down what caused it, or is this a
production box? Or can you supply the exact patch details so someone else
can replicate?


--
Jason Brown
Microsoft GTSC, IIS

This posting is provided "AS IS" with no warranties, and confers no rights.




"Steve Marshall" <Steve Marshall@discussions.microsoft.com> wrote in message
news:AD977CC2-30D7-4F23-94E3-F5F467191BEC@microsoft.com...
> We have a clustered application that required the use of a specific
> account
> for anonymous access. The application was configured with a local user
> account on each node in the cluster and has been working correctly since
> November. This week 2 situations occured that caused both nodes in the
> cluster to fail simultaniously. The issue was traced back to the fact
> that
> the account setup in IIS had been replaced back with the IUSR_Machinename
> account. The machines are tightly controlled and have very limited access
> for someone to be able to make a change of this nature.
> Is it possible that a windows security patch could have reset this
> account?
> We automate our patching and keep up to date with new patches as they are
> released. The latest round of patches were installed on the 20th Feb. If
> this is not possible could it be something within the cluster that changed
> the user account back? (I am doubting this to be the case since the server
> has been running since November without incident).
>
> Any help on this issue is much appreciated.
>
> Steve


Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com