Microsoft KB Archive/236855

From BetaArchive Wiki
Knowledge Base


Changes to the IWAM Account in IIS 5.0

Article ID: 236855

Article Last Modified on 7/14/2004


APPLIES TO

  • Microsoft Internet Information Services 5.0


This article was previously published under Q236855

SUMMARY

In Internet Information Services (IIS) 5.0, the default setup for a Web application is to run as "out-of-process pooled" or medium application protection. This means that if the application should stop for some reason, IIS itself is not affected.

Because COM+ must run an out-of-process application with some identity, in the case of IIS, IWAM_<MACHINE NAME>is used. In IIS 5.0, the IWAM_<MACHINE NAME> account is a very low privilege account, just as in IIS 4.0. This was done for security reasons. The side-effect of this is that some ISAPI applications that require the process account to have localsystem-like capabilities will fail. The most common are those that use reverttoself() to perform some highly trusted function. The code following a call to reverttoself() in an out-of-process application in IIS 5.0 (the default) may fail.

MORE INFORMATION

Who is affected?

  • If your Web server does not use any custom ISAPI applications, you should not be affected.
  • Any code that worked correctly in an IIS 4.0 out-of-process application will also work in IIS 5.0.
  • If you use custom authentication ISAPI applications, you may be affected. The errors you may see are based on how the ISAPI application is written.



What should you do?

  • If you see no errors, then do nothing. IIS 5.0 is running in its optimal configuration.
  • If you do see an error and you feel the ISAPI application is the point of failure, then try the following:


    1. Run the application in-process. If that works, then contact your ISAPI application vendor to see if they have an update that runs out-of-process pooled.
    2. Run the application out-of-process and give the IWAM account "Act as part of operating system" and "Increase application quota" privileges. If this succeeds, then contact the ISAPI application vendor for an updated version.
  • If you are a developer writing ISAPIs or any functionality relying on localsystem after a reverttoself(), then you should start testing your code on the released version of Windows 2000 and IIS 5.0.



Additional query words: iis

Keywords: kbinfo KB236855



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/236855&oldid=373203
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki