tags:

views:

1774

answers:

3
+2  Q: 

Should the Network Service Account receive temp file permissions by default?

Recently I was working with generating a PDF from Crystal Reports through a webform. It was failing, which I determined to be caused by the permissions settings on the c:\windows\temp dir. I gave the Network Service account full access to this folder, which promptly fixed the issue. But is there a reason the Network Service account didn't have these permissions by default?

Rick Strahl asks this question here. It sounds like there shouldn't be any issues with doing this, but Rick wasn't clear on why the default is set that way.

Web Server is Windows Server 2003

+1  A: 

These days, the default option will tend to be the more secure one. I don't think there's any other reason.

I've had the same issue as you, and in my environment just gave the permission and moved on.

This post suggests it is the fault of Crystal Reports, which is explicitly referencing %WINDIR%\Temp instead of using an API such as Path.GetTempPath(). In fact I have seen Path.GetTempPath() return %WINDIR%\Temp when running under the Network Service account on Windows 2003.

Joe  2008-10-03 17:42:05
I agree, but when I ask my network admins to do things like this they like to lay the burden of proof on me, and tell me things like "they probably had a reason for doing such an such"
Brian Vander Plaats  2008-10-03 18:15:53
Network admins, dontcha love 'em :)
Joe  2008-10-03 21:31:01
A: 

%windows%\temp is not for general temp'ing and barfing around. It is crystal clear that Crystal Reports is abusing that directory. This happens a lot when developers are too lazy to boot up their machines with anything but an admin account.

Every user (including Network Service) has their own temp space, with full access rights, under Documents & Settings. Winners don't act like CR, and use their own temp spaces.

In short, there is nothing wrong with default permissions on win\temp. I believe it is simply meant for Windows' internal workings. (Then again, it would be much better for everyone concerned, if that directory never existed in the first place.)

Ishmaeel  2008-10-05 17:38:42
-1: Under some circumstances I've seen Path.GetTempPath method return the %WINDIR%\Temp directory when running under Network Service account on W2003. It's not just CR - this can cause other problems, e.g. XmlSerializer failing to generate a temporary class.
Joe  2008-10-06 20:20:58
Brian Vander Plaats  2008-10-06 20:38:24
+1  A: 

This post on creating temp files has comments that support using the windows temp folder.

An msdn article on using the Network Service account states that "if your ASP.NET application needs to use files or folders in other locations, you must specifically enable access" This tells me that the default restriction to the temp folder isn't because the temp folder was singled out, but that all other locations besides the IIS root folder are restricted by default.

Brian Vander Plaats  2008-10-07 20:41:39

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps