This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 11%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJK%3C/text%3E%3C/svg%3E)
Can some help me remediate this security center "Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'"
I have web server (IIS) installed in my VM , The recommended state for this setting is: LOCAL SERVICE, NETWORK SERVICE, but I got 'IIS apppool/DefaultAppPool' along with the recommended.
A Member Server that holds the Web Server (IIS) Role with Web Server Role Service will require a special exception to this recommendation, to allow IIS application pool(s) to be granted this user right
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
@jagadish karem Thanks for reaching out.
On most computers, restricting the Replace a process level token user right to the Local Service and the Network Service built-in accounts is the default configuration, and there is no negative impact.
However, if you have installed optional components such as ASP.NET or IIS, you may need to assign the Replace a process level token user right to additional accounts.
IIS requires that the Service, Network Service, and IWAM_<ComputerName> accounts be explicitly granted this user right.
Under security center if you do not want to see that recommendation, then you can suppress this alert by using a suppression rule.
You can use this link to create suppression rule for this server recommendation : https://learn.microsoft.com/en-us/azure/security-center/alerts-suppression-rules
-----------------------------------------------------------------------------------------------------------------
If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.
I don't see an option to create suppression rule for the security configurations.
@jagadish karem Are you able to see the take action option when you select any Alert like in video shared on the above link ?
IIts a security recommendation for 
@jagadish karem Apologies for that, You cannot suppress a security recommendation as of now. You will need to follow : https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token in order to remediate this.
In the security recommendation description they mentioned we should provide a "special exception to this recommendation" for machines with IIS, can you guide me how it can be done
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 69%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPO%3C/text%3E%3C/svg%3E)
Did you find a way to resolve this??