iis security: has anybody compiled a complete list of all the registry/file permissions
and user rights necessary when using an account other than network service
or system for the application pool identity in IIS 6? It would be great if
IIS set these for you (wizard or script) when you use a non-system account .
going through the security event logs to find everything the account touches
and setting the ACL's is a real pain.

[quoted text, click to view]

Like this?
http://support.microsoft.com/default.aspx/kb/812614

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsserver2003/community/centers/iis/
http://mvp.support.microsoft.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS

Thanks for the reply, the link covers some of the items but not all. I have
also used info from
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconconfiguringnetframeworkapplications.asp
but it doesn't cover everything either. I am working with a government
system that requires fail auditing on files and registry for everyone. short
of going through every failure event and setting the acl's, I was hoping for
1 single point of reference that tells all file and registry entries that
get touched by the Application Pool Identity and what the permissions need
to be. It would be nice if IIS Manager set all these permissions for you
when you change the App Pool Identity account.

any ideas how to set the temporary compile directory for the .NET compiler
vbc.exe? it always wants to compile in c:\windows\%generatedtempfoldername%
then copy the compiled files to the Temporary ASP.NET Files instead of
c:\windows\temp or c:\%userprofile%\temp then copy.


[quoted text, click to view]