Need to figure out how to adjust the user running the Application Pool be minimum security necessary #18
Comments
|
After doing a lot more research on this, I don't know if this can be done cleanly. The reason I say this is because when using the Microsoft.Web.Administration namespace, in order to interact with the w3wp.exe process and all of the Applications, Application Pools, etc., the user has to be an administrator. One idea that I came up with would be to offload all of the stuff that would be using the Microsoft.Web.Administration code to a completely separate helper executable. However, this would require me to add some sort of admin user credentials (in an encrypted fashion of course) to some file so that when I go to run the executable, that it will be run as the administrative user. While this would remove the need for the Application Pool to be running as an Administrative user, it won't remove the need for that administrative user all together. This will be a requirement no matter what. The other thing that will need to be handled is not only running the new/second helper utility, but also doing the same thing when running the first helper utility. |
Right now, the user account needs to have administrative rights to read/write privileges to the website configuration through the WebAdministration module. Need to see what I can do about removing the need for full administrative rights and make it more minimal required rights.
The text was updated successfully, but these errors were encountered: