IIS Server Security - MS Powerpoint AppPool Identity

Author

MS Powerpoint AppPool Identity

Ben Dewey

2006-05-11, 7:15 pm

everyone,

I have a ASP.NET 2.0 application that is creating powerpoint documents on
the fly using powerpoint com objects that are installed on the server. I am
having some issues with security

It is currently working, but the website is running as administrator and I
would like to tighten up those permissions.

The website is a stand alone site. I created its own AppPool called
PowerpointAppPool

The website is loaded into that pool. If I set the identity to my own
personal Administrator Account everything works fine.

What I tried to do:

1. I created a Domain User account called PPT ACCESS
2. I set the Identity on the PowerpointAppPool to PPT ACCESS with the
password i set
3. then I went to AdminTools->Component Services->DCOM Config and set the
PPT ACCESS user to full launch/access/config privilidges on Microsoft
Powerpoint Presentation

I thought that would do it, but no good.

1. Is this what I should be doing?
2. Is there another service in DCOM that needs to be enabled (eg. a global
MS Office App)?
3. Is there a way to debug where the access failure is coming from?

David Wang [Msft]

2006-05-12, 7:15 am

http://blogs.msdn.com/david.wang/ar...on_and_IIS.aspx

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

"Ben Dewey" <AspiringMVP@hotmail.com> wrote in message
news:%233pUO5TdGHA.2068@TK2MSFTNGP02.phx.gbl...
> everyone,
>
> I have a ASP.NET 2.0 application that is creating powerpoint documents on
> the fly using powerpoint com objects that are installed on the server. I
> am having some issues with security
>
> It is currently working, but the website is running as administrator and I
> would like to tighten up those permissions.
>
>
> The website is a stand alone site. I created its own AppPool called
> PowerpointAppPool
>
> The website is loaded into that pool. If I set the identity to my own
> personal Administrator Account everything works fine.
>
> What I tried to do:
>
> 1. I created a Domain User account called PPT ACCESS
> 2. I set the Identity on the PowerpointAppPool to PPT ACCESS with the
> password i set
> 3. then I went to AdminTools->Component Services->DCOM Config and set the
> PPT ACCESS user to full launch/access/config privilidges on Microsoft
> Powerpoint Presentation
>
> I thought that would do it, but no good.
>
> 1. Is this what I should be doing?
> 2. Is there another service in DCOM that needs to be enabled (eg. a
> global MS Office App)?
> 3. Is there a way to debug where the access failure is coming from?
>
>

Paul Walsh

2006-05-12, 1:15 pm

Have you also added your PPT Access user into the IIS_WPG group, else it
won't have access to all of the .NEt areas it needs to.

Paul Walsh

"Ben Dewey" wrote:

> everyone,
>
> I have a ASP.NET 2.0 application that is creating powerpoint documents on
> the fly using powerpoint com objects that are installed on the server. I am
> having some issues with security
>
> It is currently working, but the website is running as administrator and I
> would like to tighten up those permissions.
>
>
> The website is a stand alone site. I created its own AppPool called
> PowerpointAppPool
>
> The website is loaded into that pool. If I set the identity to my own
> personal Administrator Account everything works fine.
>
> What I tried to do:
>
> 1. I created a Domain User account called PPT ACCESS
> 2. I set the Identity on the PowerpointAppPool to PPT ACCESS with the
> password i set
> 3. then I went to AdminTools->Component Services->DCOM Config and set the
> PPT ACCESS user to full launch/access/config privilidges on Microsoft
> Powerpoint Presentation
>
> I thought that would do it, but no good.
>
> 1. Is this what I should be doing?
> 2. Is there another service in DCOM that needs to be enabled (eg. a global
> MS Office App)?
> 3. Is there a way to debug where the access failure is coming from?
>
>
>