By default, the worker process for Microsoft ASP.NET (Aspnet_wp.exe) runs under the local machine account to restrict access to domain resources and provide a more secure environment. This will cause an error if you try to run or debug an ASP.NET application on a domain controller or a backup domain controller. On a domain controller, all user accounts are domain accounts and not local machine accounts, so Aspnet_wp.exe fails because it cannot find a local account named 'localmachinename\ASPNET'.
Workarounds
Create a weak account that has the permissions necessary for running the ASP.NET worker process, and then configure the
Configure the
Note This is not a recommended practice and has serious security implications. Allowing ASP.NET applications to run under the SYSTEM or an Administrator account allows code that is being run by the Aspnet_wp.exe process to have access to the domain controller and domain settings. Executables that are started by the Aspnet_wp.exe process also run in the same context and will have access to the domain controller and domain settings.
To create a weak account with the correct permissions
Create a user account on the computer and add this user account to the Users group.
Grant this user account the Log on as a batch job right.
a. Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.
b. Expand Security Settings, expand Local Polic"
No comments:
Post a Comment