Protect from getting IIS physical path credentials in plain text (using powershell)
Each of my websites configured in IIS use a special local user to access the website folder (Physical Path Credentials) located on the server.
To my knowlege it isn't possible to view the passwords of these local users (which is a good thing). It is only possible to change the password, of course.
But with powershell I can do this:
Import-Module WebAdministration
$Websites = Get-ChildItem IIS:\Sites
foreach ($site in $Websites) {
"Site: " + $site.name + " - " +
"User: " + $site.userName +
"PW: " + $site.password
}
Is there a way to protect the user password so that such a query is not possible or won't retrieve the passwords?
I know Administrator rights are necessary to execute this comma开发者_StackOverflow社区nd but IMHO it shouldn't be possible to read out passwords like that even then.
We had a Microsoft representative in our office about a year ago and I asked the same question. The answer I got was that this is the way it is and there is no other way to protect this since you need an Administrator account to access this information.
精彩评论