Should a network service account get temporary directory permissions by default?

I recently worked with creating a PDF file from Crystal Reports via a web form. This was unsuccessful, and I decided that it was caused by the permission settings in the c:\windows\temp directory. I gave the network service account full access to this folder, which quickly fixed the problem. But is there a reason the network service account did not have these rights by default?

Rick Strahl asks this question here. It seems that this should not have any problems, but Rick did not understand why this is set by default.

The web server is Windows Server 2003

+4
3 answers

These days, the default option will be more secure. I do not think there is another reason.

I had the same problem as you, and in my environment I just gave permission and switched.

This post assumes this is a Crystal Reports bug that explicitly refers to %WINDIR%\Temp instead of using an API such as Path.GetTempPath(). Actually, I saw that Path.GetTempPath() returns %WINDIR%\Temp when working under a network service account in Windows 2003.

+1

This post about creating temporary files has comments that support the use of the Windows temporary files folder.

An MSDN article on using a Network Service account states that "if your ASP.NET application needs to use files or folders in other places, you must specifically allow access." This tells me that the default limit for the temporary folder is not related to the fact that the temp folder has been allocated, but all other places except the IIS root folder are limited by default.

+1

%windows%\temp is not for general temp files and settings. Clearly, Crystal Reports is abusing this directory. This happens very often when developers are too lazy to boot their computers with anything other than an administrator account.

Each user (including Network Service) has its own temporary space with full access rights in the Documents and Settings folder. Winners do not act like CR, and use their own temp spaces.

In short, there is nothing wrong with the default permissions for win\temp. I believe this is just for internal Windows development. (Again, this would be much better for everyone interested if this directory never existed in the first place.)

0
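
An added example, not taken from any of the answers or from Crystal Reports: a PowerShell script that prints the temp path `Path.GetTempPath()` resolves to for the current account and lists the ACL entries a service identity holds on `%WINDIR%\Temp`. The `-GrantModify` switch and the assumption that Modify rights are enough for the application are this example's own.

```powershell
# Added example: audit, and optionally narrow, a service account's rights on a temp dir.
param(
    [string]$Path     = (Join-Path $env:WINDIR 'Temp'),
    [string]$Identity = 'NT AUTHORITY\NETWORK SERVICE',
    [switch]$GrantModify    # switch defined by this example only
)

# Which temp path does .NET hand to the account running this shell?
# Start the shell as the service account to see what the web application gets.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Output ("{0}: Path.GetTempPath() = {1}" -f $me, [System.IO.Path]::GetTempPath())

# ACL entries (explicit and inherited) that name the identity directly.
# Rights that reach the account through groups such as Users are not listed here.
$full  = [System.Security.AccessControl.FileSystemRights]::FullControl
$acl   = Get-Acl -Path $Path
$rules = @($acl.Access | Where-Object { $_.IdentityReference.Value -eq $Identity })

if ($rules.Count -eq 0) {
    Write-Output "$Identity has no direct entry on $Path"
}
foreach ($r in $rules) {
    $isFull = ($r.FileSystemRights -band $full) -eq $full
    $line = "{0} {1} inherited={2} fullControl={3}"
    Write-Output ($line -f $r.AccessControlType, $r.FileSystemRights, $r.IsInherited, $isFull)
}

if ($GrantModify) {
    # Assumption: Modify (read, write, delete) is enough for temp files, so the
    # account does not need FullControl, which adds changing ACLs and ownership.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.SetAccessRule($rule)    # replaces this identity's explicit Allow entries
    Set-Acl -Path $Path -AclObject $acl
    Write-Output "Set Modify for $Identity on $Path"
}
```

Run it without `-GrantModify` first to see the current state; the change itself needs an elevated prompt.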

Source: https://habr.com/ru/post/1277447/