3.4 Operation by general user accounts
This section describes how to operate Web server by using a general user account to which only permissions required for operation have been set, without belonging to a group that has various permissions.
Overview
When executing Web server as a service, the user account is LocalSystem at the time of installation. Web server, including CGI programs and the API connection module, is executed by this user account.
This section describes how to operate Web server by using a general user account to which only permissions required for operation have been set, without belonging to a group that has various permissions.
Creating a general user account
This section describes how to create a general user account to start Web server service.
- How to create a general user account
-
-
From the Control Panel, open Administrative Tools, and then Computer Management.
-
In Computer Management, open System Tools > Local Users and Groups > Users.
-
From the Action menu, select New User, and then enter the necessary information.
By default, group settings are added to a created general user account. Execute the following procedure to delete the group settings.
-
- How to delete group settings
-
-
From the Control Panel, open Administrative Tools, and then Computer Management.
-
In Computer Management, open System Tools > Local Users and Groups > Users.
-
Show the Properties of the new user, and then display the Member Of tab.
-
Delete the registered groups.
-
Assigning the user permissions
This section describes how to assign user permissions to the created general user account.
- How to assign user permissions
-
-
From the Control Panel, open Administrative Tools > Local Security Policy.
-
Open Security Settings > Local Policies > User Rights Assignment.
-
Double-click Log on as a Service to open it.
-
Click the Add user or group, and then add the corresponding user account.
-
Even if you do not explicitly specify the Log on as a Service permission, the permission is automatically added to the general user that changed the service logon account.
For details about changing the service logon account, see Changing the service logon account.
Changing the service logon account
This section describes how to change the Web server service logon account to the general user account.
- How to change the service logon account
-
-
From the Control Panel, open Administrative Tools > Services.
-
Display the Properties of Web Server service, and then open the Log On tab.
-
Select the This account radio button, and then specify the general user account. Enter the password that you specified in Creating a general user account correctly. Also specify whether an indefinite expiration period can be specified for the password.
-
Specifying access permissions for directories and files
Add full control permissions for the created general user account to the access permissions for directories and files that Web server accesses.
Starting the service
Start the Web server service by using an account that permission to start services. The general user account does not this permission.