Requirements for Least Privileges account for IIS site instead of NetworkService account?
Question asked by Douglas White - 3/12/2015 at 8:37 AM
In the knowledge base articles on setting up SmarterMail as an IIS Site, it is suggested that we use NetworkService as the account for the app pool for the site. This is typically frowned upon amongst security advisors.
Any guidance on setting up a least privileges account that can be assigned to the App Pool instead of using NetworkService?

3 Replies

Reply to Thread
Scarab Replied
That's a good question. Although I can't imagine that it would be any different than running any other IIS site as a least privileges account, as long as your least privileges account is assigned the correct permissions to the /Smartermail/MRS directory, it shouldn't cause any problems. I may have to test this out on my home lab this weekend and make sure that it doesn't throw any unforeseeable errors.
Douglas White Replied
I'm just not sure what permissions the AppPool account would need to be able to implement the magic of tapping into the mail server features.
Bruce Barnes Replied
Great question, Douglas. Gonna watch this thread.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting

Reply to Thread