This document contains the default settings and permissions for IIS Virtual Directories and File System Directories for Patch Manager.
Note: A large number of issues reported to LANDesk related to Patch Manager can be traced back to a permissions change or Group Policy being applied to the core server resulting in a change to the default permissions. It is important to compare the permissions on the a faulty core server with the permissions listed in this document.
A note about default Windows account permissions:
- Local System : Completely trusted account, moreso than the administrator account. There is nothing on a single box that this account can not do and it has the right to access the network as the machine (this requires Active Directory and granting the machine account permissions to something)
- Network Service : Limited service account that is meant to run standard least-privileged services. This account is far more limited than Local System (or even Administrator) but still has the right to access the network as the machine (see caveat above).
- Local Service : A limited service account that is very similar to Network Service and meant to run standard least-privileged services. However unlike Network Service it has no ability to access the network as the machine.
- IUSR: http://learn.iis.net/page.aspx/140/understanding-built-in-user-and-group-accounts-in-iis/