|
Home > Archive > IIS Server Security > March 2006 > Delegation and IIS service account
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Delegation and IIS service account
|
|
| T. Tyrone 2006-03-16, 7:49 am |
| Hello;
I'm trying to set up a web app that accesses a SQL database on a second
server. I want to use integrated security and have set the computer account
as trusted for delegation. I know I need to use setspn to tell Active
Directory that there is an authorized instance of a service of class
"MSSQLSvc" listening on port 1433 on computer FQDN running as service account
in my domain. My question deals with the IIS setup.
Does the World Wide Web Publishing Service need to be running under a domain
user account for this, or is having the web server trusted for delegation
enough?
Thanks;
T.
| |
| T. Tyrone 2006-03-17, 7:50 am |
| Nevermind, figured it out...
"T. Tyrone" wrote:
> Hello;
>
> I'm trying to set up a web app that accesses a SQL database on a second
> server. I want to use integrated security and have set the computer account
> as trusted for delegation. I know I need to use setspn to tell Active
> Directory that there is an authorized instance of a service of class
> "MSSQLSvc" listening on port 1433 on computer FQDN running as service account
> in my domain. My question deals with the IIS setup.
>
> Does the World Wide Web Publishing Service need to be running under a domain
> user account for this, or is having the web server trusted for delegation
> enough?
>
> Thanks;
> T.
| |
| Ken Schaefer 2006-03-25, 11:59 am |
| FWIW: WWW Publishing Service is only supported when running as LocalSystem.
It is not supported using a domain account to run WWW Publishing Service.
Cheers
Ken
"T. Tyrone" <TTyrone@discussions.microsoft.com> wrote in message
news:9B28BA40-8A12-4533-9F71-5C49E1295668@microsoft.com...
: Nevermind, figured it out...
:
: "T. Tyrone" wrote:
:
: > Hello;
: >
: > I'm trying to set up a web app that accesses a SQL database on a second
: > server. I want to use integrated security and have set the computer
account
: > as trusted for delegation. I know I need to use setspn to tell Active
: > Directory that there is an authorized instance of a service of class
: > "MSSQLSvc" listening on port 1433 on computer FQDN running as service
account
: > in my domain. My question deals with the IIS setup.
: >
: > Does the World Wide Web Publishing Service need to be running under a
domain
: > user account for this, or is having the web server trusted for
delegation
: > enough?
: >
: > Thanks;
: > T.
|
|
|
|
|