0

Our small Windows Active Directory domain is undergoing a security review by our grandparent company. I am the Domain Administrator of this domain of about 25 Win2K3, Win2K8, Enterprise & Standard machines. One problem discovered was the old lm hash vulnerability even though the standard Group Policy setting fix has been implemented since at least 2006.

According to the security review; the ASPNET account is vulnerable on several machines. All I need to do to correct this is reset the password, even if to the same password.

I have been researching this and have found no way to do this. This only thing I can think of is a shotgun approach of uninstalling and reinstalling .Net Framework versions using aspnet_regiis.exe. Even then I'm not sure that would work.

I am open to any and all suggestions as to how to accomplish this task.

Felix Frank
  • 3,063
  • 1
  • 15
  • 22
Steven
  • 1

2 Answers2

0

Open your "machine.config" file and check search for a line starting with: "<processModel". What does the "password" attribute of this tag say? Here is what it should look like:

<processModel userName="Machine" password="AutoGenerate" />

Change it to AutoGenerate and restart the webserver (actually you can restart a couple of services instead, but this is cleaner). Check this article for details: http://msdn.microsoft.com/en-us/library/vstudio/dwc1xthy(v=vs.100).aspx

PS: If you are using farm or load-balanced web servers where apps share sessions across servers, then you would need to consider a "pre-shared machine key". Check this article for details: http://technet.microsoft.com/en-us/library/cc755177(v=ws.10).aspx

0

Thanks for your answer. It turns out I had to save the script mapping to a text file, uninstall all versions of asp.net on the machines and reinstall asp.net, then replace the script mapping. I may have been overkill, but that's what it took using aspnet_regiis.exe.

Best Regards, Steven

user226165
  • 1