开发者

Protect from getting IIS physical path credentials in plain text (using powershell)

问答 作者:

Each of my websites configured in IIS use a special local user to access the website folder (Physical Path Credentials) located on the server.

To my knowlege it isn't possible to view the passwords of these local users (which is a good thing). It is only possible to change the password, of course.

But with powershell I can do this:

Import-Module WebAdministration
$Websites = Get-ChildItem IIS:\Sites
foreach ($site in $Websites) {
  "Site: " + $site.name + " - " + 
  "User: " + $site.userName + 
  "PW: " + $site.password  
}

Is there a way to protect the user password so that such a query is not possible or won't retrieve the passwords?

I know Administrator rights are necessary to execute this comma开发者_StackOverflow社区nd but IMHO it shouldn't be possible to read out passwords like that even then.

We had a Microsoft representative in our office about a year ago and I asked the same question. The answer I got was that this is the way it is and there is no other way to protect this since you need an Administrator account to access this information.

继续阅读:securitywindows

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9