1

I've installed several DotNetNuke sites on Windows Server 2008. What I'd like to know is how the various security entities should be configured together. For example, some installation references recommend setting the site file's permission to include "NETWORK SECURITY" with Modification priviledges; IIS 7.5 AppPool Identity set to Network Service.

As for the database - I'm using SqlServer 2008. I've used both Windows Integrated and SqlServer user identities. Is one more preferred than the other? I noticed in this forum that the AppPool identity needs db_owner priviledges in SqlServer.

In short, I'm trying to tie together File Permissions, IIS 7.5 AppPool, and SqlServer 2008 security settings. I using DotNetNuke 5.x and 6.x.

soulia
  • 483
  • 2
  • 6
  • 20

1 Answers1

1

In IIS 7.5 I always use "IIS AppPool\ApplicationPoolName" where ApplicationPoolName is defined by IIS when you create the website. I use this for the File Permissions, I also use Windows Authentication for the database account using that same username, this assumes you are running SQL Server locally.

Having individual application pool accounts helps from a security perspective because the pools are silo'd, meaning they can only access their File System and their Database, not other website's file systems or databases.

If you are using IIS 7, or earlier versions (not 5/5.1 in Windows 2000/XP) the default application pool runs under Network Service.

Chris Hammond
  • 8,873
  • 1
  • 26
  • 34
  • Chris - How do you specify the File Permissions name? When adding "IIS AppPool\MyAppPoolName", I get the "Name not found" message. I also tried just "MyAppPoolName". – soulia Dec 28 '11 at 17:38
  • File Permissions-> Right click on the Folder where your DNN files are, choose Properties, Security Tab, then Edit, Add the IIS AppPool\AppPoolName there, make sure your "location" is the local computer, not a domain – Chris Hammond Jan 02 '12 at 03:43