Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I normally would create a limited rights user and run the process under that but the fact that pools automatically created under IIS7 in 2008 use this account makes me think that this is perfectly safe, and possibly more so than something I create? The whole Secure By Default push from Redmond would lead me to believe this is the case.
Yes it is safe. Services and Service Accounts Security Planning Guide
One more thing. It is even better to use the local service account ( not to confuse with local System account! ). It has the same permission on the local server as network service. But does not have network permissions. The network service can access network resources with the permissions of the computer account ( like authenticated user ).
Update 1 ( reply to comment):
As far as I understand. both option will work. Your application code is not running ( by default) under the application pool identity. But under the identity of the user that authenticate to your site. Or, if anonymous user are allowed, the iuser_computername account. The reason that the application pool identity is important, is that you can by code, so attacker that inject his code can too, to change the identity of your application to the application pool identity.
That said, There are further complication that are too numerous to post.