Article ID: 236855
Article Last Modified on 7/14/2004
APPLIES TO
- Microsoft Internet Information Services 5.0
This article was previously published under Q236855
SUMMARY
In Internet Information Services (IIS) 5.0, the default setup for a Web application is to run as "out-of-process pooled" or medium application protection. This means that if the application should stop for some reason, IIS itself is not affected.
Because COM+ must run an out-of-process application with some identity, in the case of IIS, IWAM_<MACHINE NAME>is used. In IIS 5.0, the IWAM_<MACHINE NAME> account is a very low privilege account, just as in IIS 4.0. This was done for security reasons. The side-effect of this is that some ISAPI applications that require the process account to have localsystem-like capabilities will fail. The most common are those that use reverttoself() to perform some highly trusted function. The code following a call to reverttoself() in an out-of-process application in IIS 5.0 (the default) may fail.
MORE INFORMATION
Who is affected?
- If your Web server does not use any custom ISAPI applications, you should not be affected.
- Any code that worked correctly in an IIS 4.0 out-of-process application will also work in IIS 5.0.
- If you use custom authentication ISAPI applications, you may be affected. The errors you may see are based on how the ISAPI application is written.
What should you do?
- If you see no errors, then do nothing. IIS 5.0 is running in its optimal configuration.
- If you do see an error and you feel the ISAPI application is the point of failure, then try the following:
- Run the application in-process. If that works, then contact your ISAPI application vendor to see if they have an update that runs out-of-process pooled.
- Run the application out-of-process and give the IWAM account "Act as part of operating system" and "Increase application quota" privileges. If this succeeds, then contact the ISAPI application vendor for an updated version.
- If you are a developer writing ISAPIs or any functionality relying on localsystem after a reverttoself(), then you should start testing your code on the released version of Windows 2000 and IIS 5.0.
Additional query words: iis
Keywords: kbinfo KB236855