C
Curt K
We run some web services (IIS 5 and IIS 6) that communicate to a COM out of
process server, which in turn communicates to another out of process COM
server (long story). We have had lots of permissions issues getting the web
service to communicate to the COM object to the point that we use the
"administrator" account (yes, I know this is really bad). We need to tidy
this for security purposes and to run under Vista and properly set up the
permissions.
What I'm missing is the "Rosetta stone" of permissions. For example we
found that if we create a new user and add them to the Administrator group,
it is not the same as the administrator account. So what I'm looking for
is the "attributes" (for lack of a better word) of the Administrator that
allows the "extra" permissions behind the scenes. Having an explanation
what permissions the "Network" and "System" accounts have would help. I'm
missing "jump" in attributes from a normal user that has "Read/Write" access
permissions to a file (which I understand) to actual launch and activate
permissions (which I haven't seen a way to set programmatically). How or
where can I set the launch and activate permissions programmatically?
Is there a book or web site that anyone would recommend so I can brush up on
my understanding of users and their permissions? I know there are MSDN docs
that describe ACLs and DCLs. I've seen adding or manipulating the "groups"
and/or users, but I have not seen the connection to the operating system as
far launching or prevention of access to a resource other than simple
read/write style of access.
I'm hoping this makes sense.
Thank you in advance,
Curt
process server, which in turn communicates to another out of process COM
server (long story). We have had lots of permissions issues getting the web
service to communicate to the COM object to the point that we use the
"administrator" account (yes, I know this is really bad). We need to tidy
this for security purposes and to run under Vista and properly set up the
permissions.
What I'm missing is the "Rosetta stone" of permissions. For example we
found that if we create a new user and add them to the Administrator group,
it is not the same as the administrator account. So what I'm looking for
is the "attributes" (for lack of a better word) of the Administrator that
allows the "extra" permissions behind the scenes. Having an explanation
what permissions the "Network" and "System" accounts have would help. I'm
missing "jump" in attributes from a normal user that has "Read/Write" access
permissions to a file (which I understand) to actual launch and activate
permissions (which I haven't seen a way to set programmatically). How or
where can I set the launch and activate permissions programmatically?
Is there a book or web site that anyone would recommend so I can brush up on
my understanding of users and their permissions? I know there are MSDN docs
that describe ACLs and DCLs. I've seen adding or manipulating the "groups"
and/or users, but I have not seen the connection to the operating system as
far launching or prevention of access to a resource other than simple
read/write style of access.
I'm hoping this makes sense.
Thank you in advance,
Curt