Hi Bruce, Good comments.
An updated, alternative IIS security model doc is now out for review by expert users and others. Essence of it is creating a new user, and not using IUSR_computername. Instead of using IUSR, using User IISuser for the WebAdmin and User IIS_WPG for Web Client on IIS6 or User ASPNET on IIS5), for managing IMail. We expect to publish next week. By for now, kg -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bruce Barnes Sent: Friday, January 13, 2006 4:27 PM To: [email protected] Subject: RE: [IMail Forum] OT: Imail 2006 problems to get worse when Vista Released Robert; I was not complaining at all about the enhanced security of the VISTA product. On the contrary, if you have read any of my previous posts concerning the (lack of) security within IMail 2006; ie: the "security" of everyone having "all write/change/etc" access to all of the directories into which IMail has working access, is my biggest complaint about the current release of the 2006 product, and we, as a company, have delayed the installation of IMail 2006 until this problem is resolved. We work with several high-security aspects of both networking and credit card processing security and we're already told during one audit that they would rescind all of our CISP certifications if we installed the current release of IMail onto any of the servers within our networks. My comment, and the link that I supplied within what I wrote, was a heads-up to the IMail development team to let them know they will have to resolve not only the current security issues, but also bring both this product, and any future releases, into compliance with the enhanced requirements of VISTA. I totally concur that we all need substantially enhanced security in all aspects of computing and applaud Microsoft for taking this next step. Bruce Barnes ChicagoNetTech Inc ---------- Original Message ---------------------------------- From: "Robert E. Spivack" <[EMAIL PROTECTED]> Reply-To: [email protected] Date: Fri, 13 Jan 2006 11:35:56 -0800 So, what's your point? That having real security is a PIA? Sorry, the majority of the IT community has been begging for greater security and welcomes these changes. Sure, developers and admins will have to learn how to do things "The right way" and stop being sploppy. Of course, you can still always override by giving "allow everything" rights, but that's how this mess started in the first place. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Barnes Sent: Friday, January 13, 2006 4:50 AM To: [email protected] Subject: [IMail Forum] OT: Imail 2006 problems to get worse when Vista Released Not to throw any more water on the development fire at IPSwitch, but the current problems with directory permissions and the ability of users to be able to WRITE to file areas under Windows 2000 and Windows 2003 are just the beginning of the headaches in store for us in the future. Under Windows VISTA overall operating system security will be significantly more substantial. READ - if we thought setting up the program and configuring file permissions for IMail 2006 is bad now, just wait for Windows VISTA. Apparently Microsoft, in an effort to rein in the plethora of security problems they have had is in the past is SIGNIFICANTLY REDUCING the areas of the operating system that both the USERS and INSTALLED SOFTWARE will be able to actually have WRITE permissions to in their latest design. Additionally, there will no longer be a default SESSION ISOLATION. In both past and current session isolations, the logged in user was always setup as SESSION ISOLATION 0 (ZERO). That will no longer be the case in VISTA! See: http://windowsconnected.com/blogs/joshs_blog/archive/2006/01/07/295.aspx for more information about the potential headaches for both developers and end users. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ ________________________________________________________________ Sent via the WebMail system at huntz.chicagonettech.com To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
