Domain controller GPO does not deny logon locally right to..

  • Thread starter Thread starter Guest
  • Start date Start date
Toggle sidebar Toggle sidebar
G

Guest

Guest
Archived from groups: microsoft.public.dotnet.faqs,microsoft.public.dotnet.framework.aspnet,microsoft.public.win2000.group_policy (More info?)

On a domain controller, the ASPNET (v1.1) worker process (aspnet.wp.exe)
runs under the IWAM_machinename acount (IIS 5). I have expressly denied this
user the logon locally right in the domain controller GPO and yet this
profile gets created under the Document and Settings folder. The
IWAM_machinename registry hive remains loaded when the process ends. I have
to manually unload it with regedt32.exe. Is this normal behavior?
 
Archived from groups: microsoft.public.dotnet.faqs,microsoft.public.dotnet.framework.aspnet,microsoft.public.win2000.group_policy (More info?)

Denying log on locally doesn't prevent a service logon, which is what's
happening in this case. If you don't want the user to logon in any scenario,
you'll need to deny service, batch, and network logon rights too.

--
--
Brian Desmond
Windows Server MVP
desmondb@payton.cps.k12.il.us

Http://www.briandesmond.com


""Rob"" <@> wrote in message news:uV8SzYfNEHA.4036@TK2MSFTNGP12.phx.gbl...
> On a domain controller, the ASPNET (v1.1) worker process (aspnet.wp.exe)
> runs under the IWAM_machinename acount (IIS 5). I have expressly denied
this
> user the logon locally right in the domain controller GPO and yet this
> profile gets created under the Document and Settings folder. The
> IWAM_machinename registry hive remains loaded when the process ends. I
have
> to manually unload it with regedt32.exe. Is this normal behavior?
>
>
 
Archived from groups: microsoft.public.dotnet.faqs,microsoft.public.dotnet.framework.aspnet,microsoft.public.win2000.group_policy (More info?)

Ok, so why does IWAM_machinename registry hive remain loaded when the
aspnet_wp.exe process ends? I have to manually unload it with regedt32.exe.
Is this normal behavior?

Thanks for the tip Brian
--

"Brian Desmond [MVP]" <desmondb@payton.cps.k12.il.us> wrote in message
news:%23kfIh8hNEHA.2844@tk2msftngp13.phx.gbl...
> Denying log on locally doesn't prevent a service logon, which is what's
> happening in this case. If you don't want the user to logon in any
scenario,
> you'll need to deny service, batch, and network logon rights too.
>
> --
> --
> Brian Desmond
> Windows Server MVP
> desmondb@payton.cps.k12.il.us
>
> Http://www.briandesmond.com
>
>
> ""Rob"" <@> wrote in message news:uV8SzYfNEHA.4036@TK2MSFTNGP12.phx.gbl...
> > On a domain controller, the ASPNET (v1.1) worker process (aspnet.wp.exe)
> > runs under the IWAM_machinename acount (IIS 5). I have expressly denied
> this
> > user the logon locally right in the domain controller GPO and yet this
> > profile gets created under the Document and Settings folder. The
> > IWAM_machinename registry hive remains loaded when the process ends. I
> have
> > to manually unload it with regedt32.exe. Is this normal behavior?
> >
> >
>
>
 
Archived from groups: microsoft.public.dotnet.faqs,microsoft.public.dotnet.framework.aspnet,microsoft.public.win2000.group_policy (More info?)

IWAM_MachineName is an IIS account, not an ASPNet account. IWAM should
unload when the IISAdmin service shutsdown.

--
--
Brian Desmond
Windows Server MVP
desmondb@payton.cps.k12.il.us

Http://www.briandesmond.com


""Rob"" <@> wrote in message news:eWicuTiNEHA.4060@TK2MSFTNGP10.phx.gbl...
> Ok, so why does IWAM_machinename registry hive remain loaded when the
> aspnet_wp.exe process ends? I have to manually unload it with
regedt32.exe.
> Is this normal behavior?
>
> Thanks for the tip Brian
> --
>
> "Brian Desmond [MVP]" <desmondb@payton.cps.k12.il.us> wrote in message
> news:%23kfIh8hNEHA.2844@tk2msftngp13.phx.gbl...
> > Denying log on locally doesn't prevent a service logon, which is what's
> > happening in this case. If you don't want the user to logon in any
> scenario,
> > you'll need to deny service, batch, and network logon rights too.
> >
> > --
> > --
> > Brian Desmond
> > Windows Server MVP
> > desmondb@payton.cps.k12.il.us
> >
> > Http://www.briandesmond.com
> >
> >
> > ""Rob"" <@> wrote in message
news:uV8SzYfNEHA.4036@TK2MSFTNGP12.phx.gbl...
> > > On a domain controller, the ASPNET (v1.1) worker process
(aspnet.wp.exe)
> > > runs under the IWAM_machinename acount (IIS 5). I have expressly
denied
> > this
> > > user the logon locally right in the domain controller GPO and yet this
> > > profile gets created under the Document and Settings folder. The
> > > IWAM_machinename registry hive remains loaded when the process ends. I
> > have
> > > to manually unload it with regedt32.exe. Is this normal behavior?
> > >
> > >
> >
> >
>
>
 
Archived from groups: microsoft.public.dotnet.faqs,microsoft.public.dotnet.framework.aspnet,microsoft.public.win2000.group_policy (More info?)

It doesn't

--

"Brian Desmond [MVP]" <desmondb@payton.cps.k12.il.us> wrote in message
news:O6YL2C7NEHA.3752@TK2MSFTNGP12.phx.gbl...
> IWAM_MachineName is an IIS account, not an ASPNet account. IWAM should
> unload when the IISAdmin service shutsdown.
>
> --
> --
> Brian Desmond
> Windows Server MVP
> desmondb@payton.cps.k12.il.us
>
> Http://www.briandesmond.com
>
>
> ""Rob"" <@> wrote in message news:eWicuTiNEHA.4060@TK2MSFTNGP10.phx.gbl...
> > Ok, so why does IWAM_machinename registry hive remain loaded when the
> > aspnet_wp.exe process ends? I have to manually unload it with
> regedt32.exe.
> > Is this normal behavior?
> >
> > Thanks for the tip Brian
> > --
> >
> > "Brian Desmond [MVP]" <desmondb@payton.cps.k12.il.us> wrote in message
> > news:%23kfIh8hNEHA.2844@tk2msftngp13.phx.gbl...
> > > Denying log on locally doesn't prevent a service logon, which is
what's
> > > happening in this case. If you don't want the user to logon in any
> > scenario,
> > > you'll need to deny service, batch, and network logon rights too.
> > >
> > > --
> > > --
> > > Brian Desmond
> > > Windows Server MVP
> > > desmondb@payton.cps.k12.il.us
> > >
> > > Http://www.briandesmond.com
> > >
> > >
> > > ""Rob"" <@> wrote in message
> news:uV8SzYfNEHA.4036@TK2MSFTNGP12.phx.gbl...
> > > > On a domain controller, the ASPNET (v1.1) worker process
> (aspnet.wp.exe)
> > > > runs under the IWAM_machinename acount (IIS 5). I have expressly
> denied
> > > this
> > > > user the logon locally right in the domain controller GPO and yet
this
> > > > profile gets created under the Document and Settings folder. The
> > > > IWAM_machinename registry hive remains loaded when the process ends.
I
> > > have
> > > > to manually unload it with regedt32.exe. Is this normal behavior?
> > > >
> > > >
> > >
> > >
> >
> >
>
>
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom