|
Posted by Roger Abell on July 12, 2005, 8:48 am
Please log in for more thread options
Marco,
C:\WINNT\KOSW047BFJNQUY26 appears to be some temporary
directory ?? Is it being created with explicit permissions that will
exclude Users or other grant that includes Dir List for AspNet ?
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
> Hi, i'm always auditing ASPNET's account accesses on my webserver, a
> WIN2K_SP4 + IIS5 + SQLServer2K_SP3a machine.
>
> Nearly all the applications work correctly, but i constantly find a
> message in the event viewer under the protection log, that says:
>
> ---------------------------------------
> Apertura oggetto:
> Server oggetto: Security
> Tipo oggetto: File
> Nome oggetto: C:\WINNT\KOSW047BFJNQUY26
> Nuovo ID dell'handle: -
> ID dell'operazione:
> ID del processo: 2160
> Nome utente primario: ASPNET
> Dominio primario: WEBSERVER
> ID di accesso primario: (0x0,0x3F5DE)
> Nome utente client: -
> Dominio client: -
> ID di accesso client: -
> Accessi SYNCHRONIZE
> ReadData (o ListDirectory)
>
> Privilegi -
> ---------------------------------------
>
> (I'm sorry for the Italian text, but i think you can easily understand
> the message)
>
> ASPNET is part of the Users group, and the Users group has the READ,
> EXECUTION and LIST permissions on C:\WINNT directory.
>
> What this could be?
>
> I followed all the MS KB to grant the rights priviledges to the ASPNET
> account, and no application have a problem at the moment.
>
> Only one application seems to go crazy when the number of users grows
> up (we are waiting for another 1GB ram, because we think it's a
> resource related issue), but we think it's an application issue not
> related to this problem. Or at least, i don't think this warning in the
> event viewer is related to that problem.
>
> Thnx i.a. for the answers,
> Marco
>
| 
XML Sitemap