Click here to Skip to main content
15,792,397 members
Please Sign up or sign in to vote.
1.00/5 (2 votes)
See more:
For windows server hardening, can we delete the trusted installer account from the inetpub\wwwroot folder? What happens when we try to install new packages to inetpub after that

What I have tried:

Since it is a production server and don't have a test server to test this, I am not able to make a decision.
Updated 6-Jun-23 7:02am
Richard Deeming 6-Jun-23 3:41am    
What precisely are you trying to do? TrustedInstaller is a system account designed to protect your files. Messing with its permissions is unlikely to increase security on your server.

1 solution

The TrustedInstaller account is used by Windows to install modules, packages, features, updates, and the like. TrustedInstaller is given admin permissions to the root of the IIS applications folder, inetpub. Everything under it inherits that permission from there.

You COULD explicitly remove the TrustedInstaller permissions from your app folder, but you're not really gaining anything in the way of security. The account isn't used by IIS when running applications. What it may be used for is when installing/deploying your web app or updating it, but that's dependent on what needs to be installed for your app. You may not be able to install it without TrustedInstaller permissions being applied to the folder.
Share this answer

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900