Set "Dedicated Appl...
 
Notifications
Clear all

Set "Dedicated Application Pool" flag to false

9 Posts
2 Users
0 Likes
1,357 Views
Posts: 99
 Ben
Topic starter
(@maoxiong)
Estimable Member
Joined: 6 years ago

Hey guys,
Ok, so I have a package that did have dedicated application pools allowed, but I've now decided to switch that off.
I thought I could just remove it from the package details, then go to each domain and "save" them to switch them back to shared, but that doesn't work.
So I'm assuming there is a SQL command I can run in the DB which will set the Dedicated flag off, so when I then go into the Website properties and save/switch .NET version - it will put it back on the shared pool.

Thank you!

8 Replies
Posts: 99
 Ben
Topic starter
(@maoxiong)
Estimable Member
Joined: 6 years ago

P.s. Also, just to check - the shared application pools should be running under the "NETWORK SERVICE" account? I've not come across that before!

Reply
Posts: 1964
Admin
(@m-tiggelaar)
Noble Member
Joined: 8 years ago

Hello,
For one i really wouldn't recommend shared .net unless your running anything besides .net scripts (and don't allow .net scripts on the sites)
If you do, please know this means 1 site gets hacked = all sites gets hacked. (they over lap in perms).
Network service is one of the 2 default accounts that has default access to most commands (similar to local service).
Regards,
Marco

Reply
Posts: 99
 Ben
Topic starter
(@maoxiong)
Estimable Member
Joined: 6 years ago

Oh really? I thought they would run under the anonymous user permissions (certainly for PHP and ASP I have tested that to be true).
So .NET is different?

Reply
Posts: 1964
Admin
(@m-tiggelaar)
Noble Member
Joined: 8 years ago

Websites and application pools have their own identity, you will see this identity under "task manager" for php, asp.net, iis sites, etc.
All the users used would define segregated or not.
So if the same user (or anon, or sys user) is used to execute a script --> it means the same user has script access to other files (sites) giving the same perms for that user
It would be similar to leaving the default "users"group on the disk and not expecting Read or execute rights to all files unless explicitly denied (default windows).

Reply
Page 1 / 2
Share: