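Trying to add IIS_IUSRS to the Administrators group

Keywords: add, Administrators, IUSRS, IIS | Updated: 2023-09-27 18:17:13

When I bring up the AD groups via Computer -> Manage -> Local Users and Groups, I can see IIS_IUSRS in the list, so I click Properties on the Administrators group, then click Add…, choose my local machine as the location, make sure "Built-in security principals" is selected under Object Types, and enter IIS_IUSRS in the object name text box; it tells me the IIS_IUSRS object cannot be found.

What am I doing wrong here (other than giving IIS_IUSRS administrator privileges)?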


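I'm not sure whether the "built-in" account IIS_IUSRS works like a regular group account that can be added to Administrators. For more information on that account, see: http://learn.iis.net/page.aspx/140/understanding-built-in-user-and-group-accounts-in-iis/

My guess is that you have a permissions problem writing files when running a website in anonymous mode. Here are some possible suggestions, from best to worst (IMO):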


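1: Use impersonation in code to perform the "elevated" level task for that function. Here is a code sample (it uses the impersonation class/code below: Impersonation.vb). Example:

    ' The outer Using disposes the helper; the inner one disposes the impersonation context
    Using Impersonate As New Impersonation.Impersonate
        Using Usr As System.Security.Principal.WindowsImpersonationContext _
            = Impersonate.ImpersonateUser("<domain username>", "<domain password>", "<domain>")
            'do elevated security level task...
            'System.IO.File.Copy(...)
            Impersonate.UndoImpersonate(Usr)    'revert to the original identity
        End Using
    End Using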


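2: Create a virtual directory that performs the "elevated" task on the specified directory. In IIS you can set it to not be anonymous and to have higher permissions for writing files, for example: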


3: Do impersonation in web.config

<identity impersonate="true" userName="accountname" password="password" />


-- Impersonation.vb

Imports System
Imports System.Runtime.InteropServices
Imports System.Security.Principal

Namespace Impersonation

Public Class Impersonate
    Implements IDisposable
    Private Declare Auto Function LogonUser Lib "advapi32.dll" ( _
    ByVal lpszUsername As String, _
    ByVal lpszDomain As String, _
    ByVal lpszPassword As String, _
    ByVal dwLogonType As Integer, _
    ByVal dwLogonProvider As Integer, _
    ByRef phToken As IntPtr) As Boolean
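    Declare Function GetLastError Lib "kernel32" () As Integer
    ' WindowsIdentity duplicates the token, so the handle from LogonUser must be closed
    Private Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Boolean
    Public Function ImpersonateUser(ByVal Username As String, ByVal Password As String, ByVal Domain As String) As WindowsImpersonationContext
        Dim tokenHandle As IntPtr = IntPtr.Zero
        Dim mWIC As WindowsImpersonationContext = Nothing
        ' Logon type 8 = LOGON32_LOGON_NETWORK_CLEARTEXT, provider 0 = LOGON32_PROVIDER_DEFAULT
        Dim loggedOn As Boolean = LogonUser(Username, Domain, Password, 8, 0, tokenHandle)
        If loggedOn Then
            Try
                Dim mWI As New WindowsIdentity(tokenHandle)
                mWIC = mWI.Impersonate()    'start the impersonation
            Finally
                CloseHandle(tokenHandle)    'release the logon token handle
            End Try
        End If
        Return mWIC    'Nothing if the logon failed
    End Function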
    Public Function UndoImpersonate(ByVal mWIC As WindowsImpersonationContext) As Boolean
        If mWIC IsNot Nothing Then
            mWIC.Undo()
            Return True
        End If
        Return False
    End Function
    Private disposedValue As Boolean = False        ' To detect redundant calls
    ' IDisposable
    Protected Overridable Sub Dispose(ByVal disposing As Boolean)
        If Not Me.disposedValue Then
            If disposing Then
                ' TODO: free managed resources when explicitly called
            End If
            ' TODO: free shared unmanaged resources
        End If
        Me.disposedValue = True
    End Sub
    ' This code added by Visual Basic to correctly implement the disposable pattern.
    Public Sub Dispose() Implements IDisposable.Dispose
        ' Do not change this code.  Put cleanup code in Dispose(ByVal disposing As Boolean) above.
        Dispose(True)
        GC.SuppressFinalize(Me)
    End Sub
End Class

End Namespace
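
Option 3 puts the account name and password into web.config. As an added example (not part of the original answer), this Python script lists every `<identity>` element in a config file and reports whether it carries a literal password, without echoing the password; the function name `audit_identity` and the sample XML are constructed for illustration.

```python
# Added example: find <identity> elements in web.config that carry credentials.
import xml.etree.ElementTree as ET


def audit_identity(config_xml: str) -> list:
    """Return one finding per <identity> element; the password is never returned."""
    findings = []
    root = ET.fromstring(config_xml)
    # <identity> sits under <system.web>, at the top level or inside <location path="...">.
    scopes = [("", root)] + [(loc.get("path", ""), loc) for loc in root.iter("location")]
    for path, scope in scopes:
        for ident in scope.findall("system.web/identity"):
            password = ident.get("password")
            findings.append({
                "location": path,
                "impersonate": ident.get("impersonate", "false").lower() == "true",
                "userName": ident.get("userName", ""),
                # A value starting with "registry:" refers to a registry key, not a literal.
                "literal_password": password is not None
                and not password.lower().startswith("registry:"),
            })
    return findings


# Constructed sample, modelled on the element shown in option 3.
SAMPLE = """<configuration>
  <system.web>
    <identity impersonate="true" userName="accountname" password="password" />
  </system.web>
  <location path="upload">
    <system.web>
      <identity impersonate="true" />
    </system.web>
  </location>
</configuration>"""

if __name__ == "__main__":
    for f in audit_identity(SAMPLE):
        flag = "LITERAL PASSWORD" if f["literal_password"] else "ok"
        print(f'{f["location"] or "(site root)"}: impersonate={f["impersonate"]} '
              f'user={f["userName"] or "(caller)"} -> {flag}')
```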