Setting up an ASP.NET Service Account with Least-Privilege Permissions


I find myself rediscovering how to do this a lot, so I thought I’d post this here.

  1. Create your Account (let’s say it’s MyDomain.com\sa_MyMVCHostingUser in your company’s Active Directory server – it can also be a local Windows account as well)
  2. Open up an elevated command prompt (Start -> “command” -> [CTRL]+[SHIFT]+[ENTER])
  3. Navigate to your .NET Framework directory (such as C:\Windows\Microsoft.NET\Framework\v4.0.30319)
  4. execute: aspnet_regiis -ga MyDomain.com\sa_MyMVCHostingUser

After performing the above steps, your account will have the basic permissions to host a basic ASP.NET application. If you are accessing resources other than the IIS Metabase or content files in your IIS Application, then those permission configurations are beyond the scope of this post (and you would NOT set them up in a similar way, so don’t try).


Jaxidian Update is proudly powered by WordPress and themed by Mukkamu