The Setup:

We have SQL Server, Analysis Services, and Reporting Services all running on
a W2K3 Enterprice machine, which we are also using as a web server (we plan
to separate functionality in the furture). We have a Web app (VS .NET) that
was pulling data from the local Analysis Services using the old (COM-based)
ADOMD, which I am in the process of switching to ADOMD.NET. (The app is
essnetially a front end for the Reporting Services with a security extension
that uses Forms authentication)

The question:

I was surprised that the connection string used to create the
AdomdConnection object did not require any login credentials. After some
investigation, I discovered it is connecting as the NT AUTHORITY\NETWORK
SERVICE user. This user was in one of the roles on the database in Analysis
Services (I believe it was there as part of the IIS_WPG group so that
Reporting Services could access the Cubes). How secure is this account? Is
it possible to impersonate that account from another machine in order to
access the data in Analysis Services?

Thanks,
Terry