Hi, So fare i understand the readme, ""Act as part of the operating system" must applied on windows 2000 only.
We're using Windows 2003. -- Mit freundlichen Grüssen -------------------------------------------- Merlin Consulting Martin Schaible Bahnhofstrasse 27 CH-8702 Zollikon Phone: +41 44 391 30 00 Fax: +41 44 391 32 49 Mail: mailto:[EMAIL PROTECTED] URL: http://www.merlinconsulting.ch Support: http://support.merlinconsulting.ch GPS: N47 20.235 E8 34.226 -------------------------------------------- News - Neue Produkte: .:. NOD32 Antivirus System .:. BlueDragon .:. Kiwi Syslog Monitor .:. Paessler GmbH .:. Sawmill Loganalyzer .:. SmarterTools -------------------------------------------- -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Mike N Gesendet: Montag, 25. September 2006 23:01 An: [email protected] Betreff: Re: [IMail Forum] Results after Upgrading to Imail 2006.1 >I followed the instructions from the Imail Release notes very carefully. >I cound't find the settings how to run the administration without having > the login dialog box. The problem might be, that we really separated > Programs and Data as fare as possible. One thing I noticed is that there is a requirement that the user be granted rights to "Act as part of the operating system". In my case, I created a separate anonymous user, and the installation program did not automatically modify my local security policy. I haven't done this yet - I don't know if this is for purposes of service control, or if it will eliminate the login prompt also. Presumably this is still much better than granting the anonymous user full administration privileges. >I'm not really into hacking, but what are the consequences if >IIS anonymous needs write access? What can a hacker do >with this? As you note, it would need to be combined with a security hole to be dangerous. Although there have not been any IIS exploits in the last several years, we cannot say there would not be any in the future. There is a lot of surface area - the entire web client application and .NET, as well as IIS. Standard layered security might prevent a full server root breakin if they can gain only privileges granted to an anonymous web application user. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
