Impersonation

This topic contains 0 replies, has 1 voice, and was last updated by  gzt 14 years, 7 months ago.

  • gzt


    If I run an IIS6 site application pool as ‘localsystem’, I see with the token monitor from Sysinternals that NT AUTHORITY\SYSTEM impersonates networkservice. Does this mean w3wp.exe is relatively safe because it is running in the context of networkservice, even if it is started by SYSTEM?

    Since the process appears to run as networkservice, if someone manages to compromise w3wp.exe, will they have localsystem privileges or networkservice privileges?

    I don’t understand the way process tokens work very well, sorry.


