Impersonation

Home Forums Security General Security Impersonation

This topic contains 0 replies, has 1 voice, and was last updated by Avatar gzt 15 years, 1 month ago.

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    gzt
    Member
    #99509

    Hi,

    If I run an IIS6 site application pool as ‘localsystem’ I see with the token monitor from sysinternals that NTAUTHORITYSYSTEM impersonates networkservice, does this mean w3wp.exe is relatively safe because it is running in the context of networkservice, even it is started by SYSTEM?

    Since the process appears to run as networkservice, if someone manages to compromise the w3wp.exe will they have localsystem privelieges or networkservice priveliges?

    I don’t understand the way process tokens work very well, sorry.

    Thanks!

    Geoff

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

Register for this Petri Webinar!

Want to Make Your Backup Storage Unlimited & Ready for the Cloud? – Free Thurrott Premium Account with Webinar Registration!

Tuesday, August 27, 2019 @ 1:00 pm EDT

A Scale-Out Backup storage infrastructure is a must-have technology for your backups. In this webinar, join expert Rick Vanover for a look on what real-world problems are solved by the Scale-Out Backup Repository.

Register Now

Sponsored By