Search This Blog

Friday, December 16, 2016

IIS security

If you have an account like contoso\sharepoint-farm  in your IIS be aware that you can run locally appcmd command and obtain the password in clear text.  Message: never use powerfull accounts in IIS. There are some people that use Domain Admin accounts there.