ASP.Net User account-where did it come from?

  • Question

  • Using SBS Essentials 2011. I recently noticed an ASP.NET user account in the ADUC. Was this account here when SBS was installed, or where did it come from?

    It was used to hack a server.

    Thank you!

    Tuesday, July 19, 2016 8:39 PM

Answers

  • Hi,

    A user account named “ASP.NET” may be related to a .NET Framework or Service Pack installation.

    If you do ASP.NET development work, then keep that account. Otherwise, you may delete/remove this account.

    ASP.NET Machine Account (can be considered as a reference):
    https://support.microsoft.com/en-us/kb/555299

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, July 20, 2016 5:54 AM
  • Hi,

    Quote from KB 315158 (https://support.microsoft.com/en-us/kb/315158):
    By default, ASP.NET runs its worker process (Aspnet_wp.exe) with a weak account (the local machine account, which is named ASPNET) to provide a more secure environment. On a domain controller or on a backup domain controller, all user accounts are domain accounts and are not local machine accounts. Therefore, Aspnet_wp.exe fails to start because it cannot find a local account named "localmachinename\ASPNET".

    According to the above description, this ASP.NET account does not work on a DC.

    I am unable to reproduce your problem in my test environment – SBS 2011 Standard/Windows Server 2012 R2 Essentials. For security considerations, I would recommend that you disable this account in ADUC, wait for a period of time and check the result. It can be safely removed later if no problem occurs. Besides, check the description and properties (permissions, group membership, etc.) of this account; this information would be helpful for further identifying the function of this account.

    Disable or Enable a User Account:
    https://technet.microsoft.com/en-us/library/cc753390(v=ws.11).aspx

    Best Regards,
    Eve Wang

    Thursday, July 21, 2016 3:22 AM
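
One way to carry out the checks suggested in the answer above (creation date, description, group membership, then disabling), as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module is available on the server and that the account name starts with "ASP"; that pattern is an assumption to adjust to what ADUC shows.

```powershell
# Added example: read-only triage of an unexplained AD account, then a dry-run disable.
Import-Module ActiveDirectory

# Assumption: the account name starts with "ASP" (the thread calls it "ASP.NET",
# KB 315158 calls the local machine account "ASPNET"). Adjust to match ADUC.
$pattern = 'ASP*'

# Baseline for "was it here when SBS was installed?": when the domain object was created.
$domainDn      = (Get-ADDomain).DistinguishedName
$domainCreated = (Get-ADObject -Identity $domainDn -Properties whenCreated).whenCreated

$props = 'whenCreated', 'whenChanged', 'Description', 'PasswordLastSet',
         'LastLogonDate', 'MemberOf', 'adminCount'

$accounts = @(Get-ADUser -Filter "SamAccountName -like '$pattern' -or Name -like '$pattern'" `
                         -Properties $props)

if ($accounts.Count -eq 0) {
    Write-Warning "No account matches '$pattern'; check the exact name in ADUC."
    return
}

# One record per match. An account created long after the domain was not part of setup.
# LastLogonDate comes from lastLogonTimestamp, so it can lag by several days.
# MemberOf omits the primary group; Get-ADPrincipalGroupMembership lists it as well.
$accounts | Select-Object SamAccountName, Enabled, Description, whenCreated,
    @{ n = 'DaysAfterDomainCreated'; e = { [int]($_.whenCreated - $domainCreated).TotalDays } },
    whenChanged, PasswordLastSet, LastLogonDate, adminCount,
    @{ n = 'Groups'; e = { ($_.MemberOf | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join '; ' } } |
    Format-List

# Dry run of the recommended disable step: -WhatIf only reports what would change.
# Remove -WhatIf once the output above has been reviewed.
$accounts | Disable-ADAccount -WhatIf
```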

All replies

  • Thank you for the reply and that article was helpful. However, since this is SBS Essentials and we do use the Remote Web Access (RWA) feature, which I think uses IIS and other possibly related roles, does RWA require the ASP.NET account to be active or can it still be deleted?

    I just don't know enough about the structure of ASP in use with SBS Essentials.

    • Edited by Talmoo Wednesday, July 20, 2016 4:22 PM
    Wednesday, July 20, 2016 4:21 PM