 |
article #3302201: |
|
|
Securing the Portfolio NetPublish service. |
|
|
|
 |
|
|
product: |
Portfolio NetPublish
|
|
|
|
parent product: |
Standalone or None
|
|
|
|
operating system: |
Windows 2000 Server
,
Windows Server 2003
,
Windows XP Pro
|
|
|
|
|
|
|
article description:
|
|
|
|
This document discusses securing the Portfolio NetPublish service to prevent unauthorized access of the web server. |
|
|
|
|
|
|
solutions/workaround: |
|
|
|
Portfolio NetPublish runs as a Windows service using the Local System account, which is a powerful account that has full access to the system. To prevent unauthorized read access to files residing on a Portfolio NetPublish web server, it is necessary to configure the NetPublish service to use a service account with a minimal set of permissions:
- Create a local or domain user account specifically for NetPublish.
- Configure the Portfolio NetPublish service to use the account.
- Apply "Full Control: Deny" permissions for the NetPublish service account on all files and folders, except C:\Program Files\Extensis\Portfolio NetPublish Server\WebRoot and its contents.
For information on Windows services, permissions, and security refer to your Windows operating system documentation. |
|
|
|
|
|
|
systems affected:
|
|
|
|
Portfolio NetPublish on Windows
|
|
|
|
|
|
|
|
|
|
|
|
 |
 |
 |
| |
 |
|
(no documents or add-ons)
|
|
|
 |
|
 |
|
 |
|
|
|
