I recently made a post on a couple Win2k newsgroups, but I believe the post
was OT and thus ignored, which I expected; hopefully this NG is better
suited for my question.  Anyhow, I am trying to use ASP to add IIS accounts
to a Win2k server, and apparently, without modifications, I am required to
give IWAM and IUSR Administrative access; otherwise, I receive a "general
access denied error".  Because of my fear of security holes, I have not
given Admin access to these accounts.  I've been told that it's possible to
create a new account with the appropriate privileges and to use this account
only on the one page that needs the increased rights.  While this sounds
logical, I am unaware as to how to force the page to use an anonymous
account other than IWAM/IUSR for a particular operation.  Is it possible to
do this?

--
Tony Talmage
Web Developer
Graphic Education Corporation
http://www.graphiced.com
(888) 354-6600

[ Post a follow-up to this message ]

Sure.  Just set the NTFS permissions accordingly on the page in question,
and disable anonymous access to that folder or page in IIS.  That should
just about do it.

"Tony Talmage" <fakeaddress@nodomain.com> wrote in message
news:%236dia%23x7DHA.1052@TK2MSFTNGP12.phx.gbl...
> I recently made a post on a couple Win2k newsgroups, but I believe the
post
> was OT and thus ignored, which I expected; hopefully this NG is better
> suited for my question.  Anyhow, I am trying to use ASP to add IIS
accounts
> to a Win2k server, and apparently, without modifications, I am required to
> give IWAM and IUSR Administrative access; otherwise, I receive a "general
> access denied error".  Because of my fear of security holes, I have not
> given Admin access to these accounts.  I've been told that it's possible
to
> create a new account with the appropriate privileges and to use this
account
> only on the one page that needs the increased rights.  While this sounds
> logical, I am unaware as to how to force the page to use an anonymous
> account other than IWAM/IUSR for a particular operation.  Is it possible
to
> do this?
>
> --
> Tony Talmage
> Web Developer
> Graphic Education Corporation
> http://www.graphiced.com
> (888) 354-6600
>
>
>

[ Post a follow-up to this message ]

"Tony Talmage" <fakeaddress@nodomain.com> wrote in message
news:%236dia%23x7DHA.1052@TK2MSFTNGP12.phx.gbl...
> I recently made a post on a couple Win2k newsgroups, but I believe the
post
> was OT and thus ignored, which I expected; hopefully this NG is better
> suited for my question.  Anyhow, I am trying to use ASP to add IIS
accounts
> to a Win2k server, and apparently, without modifications, I am required to
> give IWAM and IUSR Administrative access; otherwise, I receive a "general
> access denied error".  Because of my fear of security holes, I have not
> given Admin access to these accounts.  I've been told that it's possible
to
> create a new account with the appropriate privileges and to use this
account
> only on the one page that needs the increased rights.  While this sounds
> logical, I am unaware as to how to force the page to use an anonymous
> account other than IWAM/IUSR for a particular operation.  Is it possible
to
> do this?
>
> --
> Tony Talmage
> Web Developer
> Graphic Education Corporation
> http://www.graphiced.com
> (888) 354-6600

A good an well grounded fear, and you don't have to give them admin
privileges. See my own reply to my post here, thread titled "ASP=Events 529
& 681".
MostlyAnonymous


---

Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.592 / Virus Database: 375 - Release Date: 18-Feb-04

[ Post a follow-up to this message ]