Configuring User Rights for Nondefault Identities to Run CGI Processes

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

IIS 6.0 worker processes use the CreateProcessAsUser API to start CGI processes. The CreateProcessAsUser API must have the SE_ASSIGNPRIMARYTOKEN_NAME and SE_INCREASE_QUOTA_NAME user rights to succeed. The Network Service, Local Service, and LocalSystem user accounts have these user rights. If you change the identity of a worker process and want to run CGI processes, ensure that the new identity has these two user rights.

To assign user rights to an account on the local computer

1. From the Start menu, point to Administrative Tools, and then click Local Security Policy.

2. In the Local Security Settings dialog box, double-click Local Policies, and then double-click User Rights Assignment.

3. In the details pane, double-click Adjust memory quotas for a process. This is the SE_INCREASE_QUOTA_NAME user right.

4. Click Add User or Group, and, in the Enter the object names to select box, type the user or group name to which you want to assign the user right, and then click OK.

5. Click OK again, and then, in the details pane, double-click Replace a process level token. This is the SE_ASSIGNPRIMARYTOKEN_NAME user right.

6. Click Add User or Group, and, in the Enter the object names to select box, type the user or group name to which you want to assign the user right, and then click OK.