Hardening: Impersonate a client after authentication
Hello!
I'm in the process of hardening a server in my company. The server has Windows Server 2003 installed (Web server, IIS installed).
Under the new policy, only "Administrators" and "Service" shall remain in "Impersonate a client after authentication" policy.
Currently the following users are configured in this policy: administrators, aspnet, IIS_WPG, service.
What are the impacts of removing aspnet and IIS_WPG from this policy?
Thanks!
January 24th, 2011 8:13pm
Hello,
Assuming that ASP.NET and IIS_WPG belong specifically to IIS, I suggest asking the IIS experts at:
http://forums.iis.net/
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
January 25th, 2011 2:15am
Hi,
As Meinolf suggested, please submit a new question on the IIS forum. For more information on "Impersonate a client after authentication" user rights, please refer to the following link:
http://support.microsoft.com/kb/821546
By default, members of the device's local Administrators group and the device's local Service account are assigned the "Impersonate a client after authentication" user right. The following components also have this user right:
Services that are started by the Service Control Manager
Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account
Hope the above information will be helpful.
Thanks.
Nina
This posting is provided "AS IS" with no warranties, and confers no rights.
January 26th, 2011 5:22am
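Before removing entries from this policy, it helps to record exactly who holds the right today. The following is an added example, not code from any poster in this thread: it parses the `[Privilege Rights]` section of a policy export (assumed to come from `secedit /export /cfg <file> /areas USER_RIGHTS`) and compares the holders of `SeImpersonatePrivilege` with the Administrators/Service baseline from the question. The sample export and the function names are constructed for illustration.

```python
# Added example: audit SeImpersonatePrivilege holders in a secedit export.
# Baseline = the two principals the new policy keeps, by well-known SID.
BASELINE = {
    "*S-1-5-32-544": "BUILTIN\\Administrators",
    "*S-1-5-6": "NT AUTHORITY\\SERVICE",
}
RIGHT = "SeImpersonatePrivilege"

# Constructed sample; a real export is usually UTF-16 and lists many more rights.
# The extra holders mirror the accounts named in the question.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544
SeImpersonatePrivilege = *S-1-5-32-544,*S-1-5-6,ASPNET,IIS_WPG
[Version]
signature="$CHICAGO$"
Revision=1
"""

def privilege_rights(inf_text):
    """Return {right: [holders]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [h.strip() for h in value.split(",") if h.strip()]
    return rights

def audit(inf_text, right=RIGHT, baseline=BASELINE):
    """List holders outside the baseline and baseline principals not present.
    Matching is by SID string only, so a baseline principal exported by name
    shows up under 'extra' and gets reviewed rather than silently accepted."""
    holders = privilege_rights(inf_text).get(right, [])
    allowed = {sid.upper() for sid in baseline}
    present = {h.upper() for h in holders}
    return {
        "extra": [h for h in holders if h.upper() not in allowed],
        "missing": [n for sid, n in baseline.items() if sid.upper() not in present],
    }

if __name__ == "__main__":
    print(audit(SAMPLE_INF))
```

Each name reported under `extra` is an account whose services or application pools should be tested after the change, since the export only shows who holds the right, not which workloads depend on it.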