All geek questions in one place

HttpAddUrl Permissions

I am trying to run my own WinHTTP-based web server on a computer running Windows Server 2008.

I am passing "http: // *: 22222 /" to HttpAddUrl

When I run my executable as Administrator or LocalSystem, everything works fine. However, if I try to run it as NetworkService in order to minimize security risks (since there are no legitimate reasons for the application to use administrator rights), the function does not work with the "Access is denied" error code.

I did not know that the NetworkService has any restrictions on which ports and interfaces it can listen to.

Is there a way to configure permissions so that I can run the application under the NetworkService account and connect to it from other Internet hosts?

+4
source share
1 answer

You must be an administrator to add URLs to http.sys URL mappings. The network service is not part of the administrator group, but the administrator members and the system account are members.

IIS turns this around having one inetinfo.exe process that starts as SYSTEM and sets up URL mappings for worker processes (w3wp.exe) that run as a network service.

Hope that clarifies the meaning.

+5
source

Source: https://habr.com/ru/post/1305710/

More articles:


All Articles