I have a client that I wrote an OI app. for that we have given web

access to using WinNT/IIS 4. We have only been beta'ng this, and

are getting close to going live. The client has some big concerns

regarding giving IUSR_compname rights to "Log on as a service",

and adding 'Admin rights' to this IUSR_compname.

I don't blame them and remembered reading a post Bob Carton submitted

with some recommendations and suggestions.

I was wondering if anything had changed within OICGI or

IIS / NT that wasn't known 6 mos. ago, or if anyone had any suggestions on how to get the oicgi going without giving admin rights. (Is this still the case. Am I way off base here?)

We could feasibly get another small NT box going and put the OI App.,

OI NT Service (I am assuming from docs that the OI App must reside on the same box), and data, and try to use another web server in conjuction with the Primary NT running IIS, but I am unsure on what exactly that would entail.

I did get a doc from Sprezz. regarding some options for this type of setup but this did not appease the client.

Thanks

Your client is right to be concerned. There are numerous hacker web sites documenting how to crash IIS and the idea that remote users can gain access to the DOS prompt with supervisor rights is indeed a chilling one.

Steve,

Yup, hence the post.

Oddly enough, after some testing and shutdown(s)/startup(s)

I do have it working now without the admin rights granted to

the IUSR_compname.

I'm sure that'd be of great interest to more than a few people here - would you care to share the technique - or perhaps do a knowledge base article?

TIA

Well it worked for a while.

I waited to respond to the last post because I wanted to

check it out on a workstation instead of the server console

logged in as admin.

Now it won't fly at all on the server and nothing has changed..

The system didn't get logged off, OI stayed up, the inet_gateway

stayed active.

I'm at a loss except to reboot and we can't do that. Urgh…

View this thread on the forum...