Check: WA000-WI6040 IIS6
IIS6 Site: WA000-WI6040 IIS6 (in version v6 r16)
Title
A unique non-privileged account must be used to run Worker Process Identities. (Cat I impact)
Discussion
The Worker Process Identity is the user defined to run an Application Pool. The IIS 6 worker processes, by default, run under the NetworkService account. Creating a custom identity for each Application Pool makes it easier to track issues occurring within each web site. When a custom identity is used, the rights and privileges must not exceed those associated with the NetworkService security principal.
Check Content
1. Open the IIS Manager > Right click on the Application Pool that corresponds to the website being reviewed > Select Properties > Select the Identity tab.
2. Identify the account used to run the process identities.
3. Check the privileges on the account found in step 2 by using Computer Management and opening Users and Groups.
4. The account should be in the IIS_WPG group and not have membership to the Administrators group.

If the account used to run the Worker Process Identities is also an Administrator, this is a finding. If the account is set to LocalSystem, this is a finding.

NOTE: The "Local Service" or "Network Service" built-in accounts are not privileged accounts and would not be a finding.

NOTE: This check may be reported as a False Positive by the Gold Disk, so a manual verification is recommended if this is an open finding. If this is reported as not a finding, no further checking is necessary.
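The manual check above can also be scripted against the IIS 6 metabase. The following is an added example, not part of the STIG text. It assumes PowerShell is installed on the IIS 6 server, that the session is elevated, and that the pool identity is read from the `AppPoolIdentityType` and `WamUserName` metabase properties; the function name `Get-LocalGroupMemberNames` is hypothetical.

```powershell
# Added example: scripted form of the manual Check Content steps.
# Only direct members of the local groups are compared; nested or domain
# group membership still needs the manual review described in step 3.
$computer = $env:COMPUTERNAME

# AppPoolIdentityType values stored in the IIS 6 metabase
$identityTypes = @{ 0 = 'LocalSystem'; 1 = 'LocalService'; 2 = 'NetworkService'; 3 = 'SpecificUser' }

function Get-LocalGroupMemberNames([string]$Group) {
    # Returns the short names of a local group's direct members (WinNT ADSI provider).
    $g = [ADSI]"WinNT://$computer/$Group,group"
    @($g.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
}

$admins = @(Get-LocalGroupMemberNames 'Administrators')
$wpg    = @(Get-LocalGroupMemberNames 'IIS_WPG')

$pools = [ADSI]'IIS://localhost/W3SVC/AppPools'
foreach ($pool in $pools.psbase.Children) {
    $type = [int]$pool.psbase.Properties['AppPoolIdentityType'].Value
    $user = [string]$pool.psbase.Properties['WamUserName'].Value
    $short = ($user -split '\\')[-1]   # drop any DOMAIN\ or MACHINE\ prefix

    if ($type -eq 0) {
        $result = 'FINDING: pool runs as LocalSystem'
    }
    elseif ($type -eq 3 -and $admins -contains $short) {
        $result = 'FINDING: account is a member of Administrators'
    }
    elseif ($type -eq 3 -and $wpg -notcontains $short) {
        $result = 'REVIEW: account is not a member of IIS_WPG'
    }
    else {
        $result = 'Not a finding'
    }

    # Built-in identities have no meaningful WamUserName, so show the type name instead.
    $identity = if ($type -eq 3) { $user } else { $identityTypes[$type] }
    '{0,-30} {1,-30} {2}' -f $pool.psbase.Name, $identity, $result
}
```

Because group members are matched by short name, a domain account that shares its name with a local account should be confirmed by hand.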
Fix Text
1. Open the IIS Manager > Right click on the Application Pool that corresponds to the website being reviewed > Select Properties > Select the Identity tab.
2. Enter the desired account information.
3. Check the privileges on the account found in step 2 by using Computer Management and opening Users and Groups.
4. Ensure the account is a member of the IIS_WPG group and does not have membership to the Administrators group.
Additional Identifiers
Rule ID: SV-38046r1_rule
Vulnerability ID: V-13713
Group Title:
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |