IMPAX 6.5.1 Application Server Knowledge Base > Armoring: Securing the Application Server > Application Server security reference information
The Application Server installation modifies the following policies related to local security. The Application Server installation does not update the Security Options policy. For more information about the Local Security Policies, refer to the Microsoft documentation.
Audit Policy
| Default Windows setting | Application Server setting | |
|---|---|---|
| Audit account login events | Success | Success, Failure |
| Audit account management | No auditing | Success, Failure |
| Audit directory service access | No auditing | Success, Failure |
| Audit logon events | No auditing | Success, Failure |
| Audit object access | No auditing | Success, Failure |
| Audit policy change | No auditing | Success |
| Audit privilege use | No auditing | Success, Failure |
| Audit process tracking | No auditing | |
| Audit system events | No auditing | Success |
User Rights Assignment
| Default Windows setting and changes Application Server makes | |
|---|---|
| Access this computer from the network | Default: Everyone, Administrators, Users, Power Users, Backup Operators |
| Application Server adds: IUSR_<machine>, IWAM_machine, IIS_WPG, ASPNET, Guests | |
| Act as part of the operating system | Default: (blank) |
| Application Server adds: Administrator | |
| Add workstations to domain | (blank) |
| Adjust memory quotas for a process | Default: LOCAL SERVICE, NETWORK SERVICE, Administrators |
| Application Server adds: IWAM_machine, IIS_WPG, Administrator | |
| Allow log on locally | Default: Administrators, Users, Power Users, Backup Operators |
| Application Server adds: IUSR_machine, Guests | |
| Allow log on through Terminal Services | Administrators, Remote Desktop Users |
| Back up files and directories | Default: Administrators, Backup Operators |
| Application Server adds: ImpaxServerUser, ImpaxSQLUser, ImpaxAdminUser | |
| Bypass traverse checking | Default: Everyone, Administrators, Users, Power Users, Backup Operators |
| Application Server adds: Administrator | |
| Change the system time | Administrators, Power Users |
| Application Server removes: Power Users | |
| Create a pagefile | Administrators |
| Create a token object | (blank) |
| Create global objects | Administrators, SERVICE |
| Create permanent shared objects | (blank) |
| Debug programs | Administrators |
| Deny access to this computer from a network | Default: SUPPORT_388945a0 |
| Application Server adds: ImpaxServerUser, ImpaxSQLUser, ImpaxAdminUser | |
| Deny log on as a batch job | Default: (blank) |
| Application Server adds: ImpaxServerUser, ImpaxSQLUser, ImpaxAdminUser | |
| Deny log on as a service | (blank) |
| Deny log on locally | Default: SUPPORT_388945a0 |
| Application Server adds: ASPNET, ImpaxServerUser, ImpaxSQLUser, ImpaxAdminUser | |
| Deny log on through Terminal Services | Default: (blank) |
| Application Server adds: ASPNET, ImpaxServerUser, ImpaxSQLUser, ImpaxAdminUser, Guests | |
| Enable computer and user accounts to be trusted for delegation | (blank) |
| Force shutdown from a remote system | Administrators |
| Generate security audits | Default: LOCAL SERVICE, NETWORK SERVICE |
| Application Server adds: ImpaxServerUser, ImpaxSQLUser, ImpaxAdminUser | |
| Impersonate a client after authentication | Default: Administrators, SERVICE |
| Application Server adds: IIS_WPG, ASPNET | |
| Increase scheduling priority | Administrators |
| Load and unload device drivers | Administrators |
| Lock pages in memory | Default: (blank) |
| Application Server adds: Administrator | |
| Log on as a batch job | Default: LOCAL SERVICE, SUPPORT_388945a0 |
| IUSR_<machine>, IWAM_machine, IIS_WPG, ASPNET, Administrator, Guests | |
| Log on as a service | Default: NETWORK SERVICE |
| Application Server adds: ASPNET, ImpaxServerUser, ImpaxSQLUser, ImpaxAdminUser | |
| Manage auditing and security log | Default: Administrators |
| Application Server adds: ImpaxServerUser, ImpaxSQLUser, ImpaxAdminUser | |
| Modify firmware environment variables | Administrators |
| Perform volume maintenance tasks | Administrators |
| Profile single process | Default: Administrators, Power Users |
| Application Server removes: Power Users | |
| Profile system performance | Administrators |
| Remove computer from docking station | Default: Administrators, Power Users |
| Application Server removes: Power Users | |
| Replace a process level token | Default: LOCAL SERVICE, NETWORK SERVICE |
| Application Server adds: IWAM_machine, IIS_WPG, Administrator | |
| Restore files and directories | Administrators, Backup Operators |
| Shut down the system | Administrators, Power Users, Backup Operators |
| Synchronize directory service data | (blank) |
| Take ownership of files or other objects | Administrators |
See also
Account policies changed by the IMPAX installation: Reference
Local security policies changed by the IMPAX installation: Reference
Topic number: 9303 Applies to: IMPAX 6.5.1 Application Server Knowledge Base |