Requirements for Least Privileges account for IIS site instead of NetworkService account?
Question asked by Douglas White - 3/12/2015 at 8:37 AM
In the knowledge base articles on setting up SmarterMail as an IIS Site, it is suggested that we use NetworkService as the account for the app pool for the site. This is typically frowned upon amongst security advisors.
Any guidance on setting up a least privileges account that can be assigned to the App Pool instead of using NetworkService?

3 Replies

Scarab Replied
That's a good question. Although I can't imagine that it would be any different than running any other IIS site as a least privileges account, as long as your least privileges account is assigned the correct permissions to the /Smartermail/MRS directory, it shouldn't cause any problems. I may have to test this out on my home lab this weekend and make sure that it doesn't throw any unforeseeable errors.
Douglas White Replied
I'm just not sure what permissions the AppPool account would need to be able to implement the magic of tapping into the mail server features.
Bruce Barnes Replied
Great question, Douglas. Gonna watch this thread.
Bruce Barnes
ChicagoNetTech Inc

Phone: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
