Impersonation


  • gzt
    Member
    #100209

    Hi,

    If I run an IIS6 site application pool as ‘localsystem’, I see with the token monitor from Sysinternals that NT AUTHORITY\SYSTEM impersonates networkservice. Does this mean w3wp.exe is relatively safe because it is running in the context of networkservice, even if it is started by SYSTEM?

    Since the process appears to run as networkservice, if someone manages to compromise w3wp.exe, will they have localsystem privileges or networkservice privileges?

    I don’t understand the way process tokens work very well, sorry.

    Thanks!

    Geoff
