CYA: Securing IIS 6.0: Cover Your A** By Getting It Right the First Time

IIS 6.0 uses a number of built-in Windows accounts, as well as a number of IIS-specific user accounts. Which accounts are actively used depends on whether IIS 6.0 is running in IIS 5.0 isolation mode or in IIS 6.0 worker process isolation mode (see Chapter 1 for more information on these modes).
IIS 6.0 provides two major application processing modes: IIS 6.0 worker process isolation mode and IIS 5.0 isolation mode (for backward compatibility with IIS 5.0 applications).
In IIS 6.0 worker process isolation mode, web applications are assigned to web application pools, each of which can be configured to use a separate process identity. The core IIS 6.0 services run under LocalSystem.
In IIS 5.0 isolation mode, web applications can either run inside the core IIS processes (running as LocalSystem), or out of process in a separate dllhost.exe process. These processes can be assigned separate process identities.
The default accounts used by IIS 6.0 in worker process isolation mode for running any process that executes user-supplied code are low-privilege accounts, which helps reduce the damage a malicious attacker can inflict should an application be compromised.
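The low-privilege default is only as good as the configuration actually in place, so an administrator should verify what identity each application pool (and each running worker process) has been given. The following audit script is an added example, not code from the book; it assumes Windows Server 2003 with the IIS WMI provider (the root\MicrosoftIISv2 namespace) and PowerShell 2.0 installed, and the identity type codes it maps are those of the IIS 6.0 metabase property AppPoolIdentityType.

```powershell
# Added audit script (not from the book): list every IIS 6.0 application pool,
# the process identity it is configured with, and the account each running
# w3wp.exe actually has. Assumes Windows Server 2003, the IIS WMI provider
# (root\MicrosoftIISv2) and PowerShell 2.0.

# AppPoolIdentityType metabase values: 0 LocalSystem, 1 LocalService,
# 2 NetworkService, 3 SpecificUser (the account named in WAMUserName).
$identityNames = @{ 0 = 'LocalSystem'; 1 = 'LocalService'; 2 = 'NetworkService'; 3 = 'SpecificUser' }

function Get-AppPoolIdentityReport {
    $pools = Get-WmiObject -Namespace 'root\MicrosoftIISv2' -Class IIsApplicationPoolSetting
    foreach ($pool in $pools) {
        $type     = [int]$pool.AppPoolIdentityType
        $identity = $identityNames[$type]
        if ($type -eq 3) { $identity = "SpecificUser ($($pool.WAMUserName))" }
        # LocalSystem is the one built-in choice that hands user-supplied code full control
        # of the host; a custom account needs a manual check of its group memberships.
        $risk = if ($type -eq 0) { 'HIGH: LocalSystem' }
                elseif ($type -eq 3) { 'REVIEW: custom account' }
                else { 'OK: low-privilege built-in account' }
        New-Object PSObject -Property @{
            AppPool  = $pool.Name      # e.g. W3SVC/AppPools/DefaultAppPool
            Identity = $identity
            Risk     = $risk
        }
    }
}

# Runtime cross-check: the owner of each w3wp.exe visible in Task Manager.
# The command line carries -ap "<pool name>", which ties the process to its pool.
function Get-WorkerProcessOwners {
    Get-WmiObject -Class Win32_Process -Filter "Name='w3wp.exe'" | ForEach-Object {
        $owner = $_.GetOwner()
        New-Object PSObject -Property @{
            PID     = $_.ProcessId
            Owner   = "$($owner.Domain)\$($owner.User)"
            Command = $_.CommandLine
        }
    }
}

Get-AppPoolIdentityReport | Format-Table AppPool, Identity, Risk -AutoSize
Get-WorkerProcessOwners   | Format-Table PID, Owner, Command -AutoSize
```

Any pool reported as HIGH should be moved to NetworkService (or a dedicated low-privilege account) unless the application has a documented need for LocalSystem.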
When IIS 6.0 is running in worker process mode, websites and web applications (by default, a website is always configured as a web application) run inside web application pools. Each web application pool is represented by a w3wp.exe process, which is visible in Task Manager. Each w3wp.exe process...