Difference between revisions of "IIS Security Practices"

From MgmtWiki
Jump to: navigation, search
Line 13: Line 13:
[[Category:Best Practice]]
[[Category:Best Practice]]
[[Category:Web Site]]
[[Category: Web]]

Latest revision as of 09:22, 8 April 2022

Full Title or Meme

Security practices to follow on IIS for good security.



Application Pool Identities

Starting with Server 2008 R2 IIS services will not longer run as network services but with virtual Application Pool Identities that have no entry local or domain accounts, and hence no "Current User" cert store or HKCU registry entries.