has anybody compiled a complete list of all the registry/file permissions
and user rights necessary when using an account other than network service
or system for the application pool identity in IIS 6? It would be great if
IIS set these for you (wizard or script) when you use a non-system account .
going through the security event logs to find everything the account touches
and setting the ACL's is a real pain.

Like this?
http://support.microsoft.com/default.aspx/kb/812614

Thanks for the reply, the link covers some of the items but not all. I have
also used  info from
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconconfiguringnetframeworkapplications.asp
but it doesn't cover everything either. I am working with a government
system that requires fail auditing on files and registry for everyone. short
of going through every failure event and setting the acl's, I was hoping for
1 single point of reference that tells all file and registry entries that
get touched by the Application Pool Identity and what the permissions need
to be. It would be nice if IIS Manager set all these permissions for you
when you change the App Pool Identity account.

any ideas how to set the temporary compile directory for the .NET compiler
vbc.exe? it always wants to compile in c:\windows\%generatedtempfoldername%
then copy the compiled files to the Temporary ASP.NET Files instead of
c:\windows\temp or c:\%userprofile%\temp then copy.


Show quoteHide quote

Permission denied when writing to eventlog from global.asa
Secure website (cookie/session)
401 errors filling logfile
Your opinion on SSL and common URL to access site from internal and external
IP address and domain name restrictions not available?.
SSL for FTP
Problem with IUSR account
How to control bandwidth per web site on IIS
Is the sessionState cookie a security risk.
Response splitting