From 4cf8b27e76944c7e0ca7860bee687946e019e728 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Thu, 21 Jan 2021 21:40:39 +0200 Subject: [PATCH] add info about IIS 7.0 and above https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8881 --- .../impersonate-a-client-after-authentication.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md b/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md index 1d241529ee..893651d17e 100644 --- a/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md +++ b/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md @@ -105,6 +105,8 @@ On member servers, ensure that only the Administrators and Service groups (Local In most cases, this configuration has no impact. If you have installed optional components such as ASP.NET or IIS, you may need to assign the **Impersonate a client after authentication** user right to additional accounts that are required by those components, such as IUSR\_*<ComputerName>*, IIS\_WPG, ASP.NET, or IWAM\_*<ComputerName>*. +In IIS 7.0 and later, a built-in account (IUSR) replaces the IUSR_MachineName account. Additionally, a group that is named IIS_IUSRS replaces the IIS_WPG group. Because the IUSR account is a built-in account, the IUSR account no longer requires a password. The IUSR account resembles a network or local service account. More details [in this article](https://docs.microsoft.com/en-us/troubleshoot/iis/default-permissions-user-rights). + ## Related topics - [User Rights Assignment](user-rights-assignment.md)