Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

whos using the IUSER_<compname> account?

Status
Not open for further replies.
wakubi

wakubi

IS-IT--Management
Aug 7, 2001
38
0
0
GB
Hello all,

We are running NT4.0 SP6a with win98SE clients.

Ive just inherited the network and I know we shouldnt be running all these services on PDC, but on the PDC we have: WINS, DHCP, Exchange 4.5, RAS, Proxy 2.0

Along time before i came here IIS4 was also running on the PDC, but was removed and we no longer have any machines running IIS on our network.

When I started I discovered that both the IWAM_ and IUSER_<servername> accounts were both still active, dispite us not having IIS installed. Its been along time since ive used IIS, but I thourght these accounts were used by NT to authenticate web clients. (of which we have none)

So I disabled both accounts, but occasionally we recieve a load of event errors (ID 100: W3SVC) saying that the server was unable to log onto the IUSER_ account as the account is disabled.

Does anyone have any ideas to why the server is trying to use the iuser_ account. Is someone trying to hack us or what?
And how do I get more information about whats going on the the system other then the little info that event Viewer gives?

Thanks in advance for any information or help.

Julian K
MCSE/MCP+I
 
Sort by date Sort by votes
HI.

A quick look at the Event Viewer will give you important information.

Proxy 2.0 *NEEDS* IIS to function!
If you're using it, IIS should also run in some manner.

If this is a SBS server, then the SBS management console is also dependant in IIS.

So I suggest keep IIS working, but limit access to it in your firewall and in ISM, and apply the latest SP + SRP.

If you want to remove IIS - uninstall MSPROXY, and uninstall IIS or disable all related services like:
INDEXING
FTP
IIS ADMIN

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
Yes thanks Yizhar,
your right, IIS is running, and SBS too. Ok so ive worked out why the iuser and iwam accounts were still active, but they are a security risk along with IIS and Proxy which seem to be configured all wrong.
We do not host any web sites here, so all IIS is doing is just something to carry the Proxy in.

OK so im trying to secure our LAN and proxy server. the first point of call was to disable the World Wide Web Publishing service in IIS.

Do you know why the Web proxy, Winsock Proxy, and socks proxy, all stop running, thus ending all access to net from LAN when i stop the web service?

Julian K
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
129
gbaughma
gbaughma
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
127
goombawaho
goombawaho
dpellegrini
  • Locked
  • Question
Website will load using hostname but not IP address
Replies
3
Views
180
mangentle
mangentle
Teo En Ming
  • Locked
  • Question
Actions taken during Disaster Recovery for client whose IBM Megaraid controller has failed
Replies
2
Views
116
fightaccording
fightaccording
DeepuM
  • Locked
  • Question
Web Response returned Web Exception : The underlying connection was closed error | Simphony &amp; QS
Replies
0
Views
78
DeepuM
DeepuM

Part and Inventory Search

Sponsor

Back
Top