Home Forums Security General Security Impersonation

This topic contains 0 replies, has 1 voice, and was last updated by Avatar gzt 15 years, 1 month ago.

Viewing 1 post (of 1 total)
  • Author
  • Avatar


    If I run an IIS6 site application pool as ‘localsystem’ I see with the token monitor from sysinternals that NTAUTHORITYSYSTEM impersonates networkservice, does this mean w3wp.exe is relatively safe because it is running in the context of networkservice, even it is started by SYSTEM?

    Since the process appears to run as networkservice, if someone manages to compromise the w3wp.exe will they have localsystem privelieges or networkservice priveliges?

    I don’t understand the way process tokens work very well, sorry.



Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

Register for this Petri Webinar!

Software-Defined Backup Storage: Agnostic, Easy and Cloud-Ready

Tuesday, August 27, 2019 @ 1:00 pm EDT

A Scale-Out Backup storage infrastructure is a must-have technology for your backups. In this webinar, join expert Rick Vanover for a look on what real-world problems are solved by the Scale-Out Backup Repository.

Register Now

Sponsored By