This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Can some help me remediate this security center "Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'"
I have web server (IIS) installed in my VM , The recommended state for this setting is: LOCAL SERVICE, NETWORK SERVICE, but I got 'IIS apppool/DefaultAppPool' along with the recommended.
A Member Server that holds the Web Server (IIS) Role with Web Server Role Service will require a special exception to this recommendation, to allow IIS application pool(s) to be granted this user right
@jagadish karem Thanks for reaching out.
On most computers, restricting the Replace a process level token user right to the Local Service and the Network Service built-in accounts is the default configuration, and there is no negative impact.
However, if you have installed optional components such as ASP.NET or IIS, you may need to assign the Replace a process level token user right to additional accounts.
IIS requires that the Service, Network Service, and IWAM_<ComputerName> accounts be explicitly granted this user right.
Under security center if you do not want to see that recommendation, then you can suppress this alert by using a suppression rule.
You can use this link to create suppression rule for this server recommendation : https://learn.microsoft.com/en-us/azure/security-center/alerts-suppression-rules
-----------------------------------------------------------------------------------------------------------------
If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.
I don't see an option to create suppression rule for the security configurations.
@jagadish karem Are you able to see the take action option when you select any Alert like in video shared on the above link ?
IIts a security recommendation for
@jagadish karem Apologies for that, You cannot suppress a security recommendation as of now. You will need to follow : https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token in order to remediate this.
In the security recommendation description they mentioned we should provide a "special exception to this recommendation" for machines with IIS, can you guide me how it can be done
Sign in to comment