IIS server permissions under WINDOWS

  

Foreword: These notes cover IIS server permission settings under Windows. The security settings described here are limited to those under which ASP scripts can still run normally.

Topic: delete X or \Inetpub. Before working on the permission settings, restore hidden files to a displayable state.

System disk permission settings

C: right-click, [Properties], [Security], [Advanced], [Permissions]. In the permission entries, give [SYSTEM/Administrator] full control, tick [Reset permissions on all child objects and allow inheritable permissions to be propagated], then [Apply]. Do the same for the other disks.

1. Permission assignment

First create a user group IIS_USERS, and assign the client users and the IIS start user to this group.

Directory permission settings:

C:\
    SYSTEM/Admin: Full control

C:\WINNT
    IIS_USERS: go to [Advanced], select IIS_USERS, [View/Edit], apply to [This folder only], permission: List folder/Read data. Remove inheritance.

Set the permissions of all folders and files under C:\WINNT\ to [SYSTEM/Admin] and remove inheritance, then set the permissions on the following folders.

C:\WINNT\Registration
C:\WINNT\system32
    IIS_USERS: Read and execute, List folder contents, Read

C:\WINNT\Temp
    IIS_USERS: go to [Advanced], select IIS_USERS, [View/Edit], apply to [This folder only], permission: Create files/Write data, read permission. Remove inheritance.

Set the permissions of all folders under C:\WINNT\SYSTEM32\ to [SYSTEM/Admin] and remove inheritance, then set the permissions on the following folders under SYSTEM32.

C:\WINNT\system32\inetsrv
    IIS_USERS: Read and execute, List folder contents, Read. Remove inheritance.

C:\WINNT\system32\inetsrv\iisadmpwd
C:\WINNT\system32\inetsrv\MetaBack
C:\WINNT\system32\inetsrv\iisadmin
C:\WINNT\system32\inetsrv\Data
    SYSTEM/Admin: Full control. Remove inheritance.

C:\Program Files\Common Files\System
    IIS_USERS: Read and execute, List folder contents, Read. Remove inheritance.

If Rising Antivirus is installed, you also need to set the permissions on the file C:\Program Files\Rising\RavRavScrch.dll to IIS_USERS: Read and execute, Read.

If Kaspersky antivirus is installed, you also need to set the permissions on the file C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll to IIS_USERS: Read and execute, Read.

Some antivirus software also replaces the IIS vbscript.dll file with the vbscript.dll that ships with the antivirus software. If you use other antivirus software that replaces the IIS vbscript.dll file, set the permissions on the replacement vbscript.dll to IIS_USERS: Read and execute, List folder contents, Read.

2. File permissions

Set the permissions on the following files under the SYSTEM32 directory to [SYSTEM/Admin] full control and remove inheritance.

at.exe
cmd.exe
command.com
cacls.exe
cscript.exe
debug.exe
ftp.exe
tftp.exe
net.exe
net1.exe
netsh.exe
nbtstat.exe
netstat.exe
quser.exe
regsvr32.exe
hostname.exe
wscript.exe
ping.exe
pathping.exe
ipconfig.exe
iisreset.exe
logoff.exe
setreg.exe
setpwd.exe
telnet.exe

Set the permissions on the following files to SYSTEM and administrator and remove inheritance.

C:\WINNT\system32\wshom.ocx
C:\WINNT\system32\wshext.dll
C:\WINNT\system32\scrrun.dll [optional; it corresponds to FSO]

3. Registry settings

Delete or rename the following entries in the registry, together with their associated classid values.

WScript.Shell
WScript.Shell.1
WSCRIPT.NETWORK
WSCRIPT.NETWORK.1
Shell.application
Shell.application.1

4. Uninstalling objects

Unregister the objects from CMD.

Uninstall the wscript.shell object:

    regsvr32 /u wshom.ocx
    regsvr32 /u wshext.dll

Uninstall the FSO object [optional, but uninstalling is recommended]:

    regsvr32 /u %windir%\system32\scrrun.dll

5. IIS web site directory permission settings

When you create a new IIS web site, add a new user such as IIS_USER0001 and add the IIS_USERS group to this user's memberships. Note that this user must belong only to the IIS_USERS group; delete its other group memberships.

Find the corresponding IIS web site directory, D:\www\test001\, and give IIS_USER0001 Read/Write permission on this directory. In IIS, change the built-in user in the anonymous access account to the IIS_USER0001 user.

Delete the IIS extension mappings: right-click [Web Site → Properties → Home Directory → Configuration] to open the application window, then remove all mappings and keep only ASP/ASA. You must delete these mappings for each site. Set permissions for multiple sites in the same way.

6. Default site settings

There will be a default site after installing IIS. If you use the default site to do the site, you need to use all the virtual files that come with the default site. Record the following virtual directories.

Scripts
IISHelp
IISAdmin
IISSamples
MSADC
Printers

With these settings, ASP programs can run under Windows 2000 Server. I also tested some ASP programs, such as 2005SP2, DVBBS7.1, BBSXP6.0, 6KBBS7.0, etc. The programs run normally.
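The file lockdown in step 2 (file permissions) can be checked after the fact. The following is an added example, not part of the original article: a Python script that parses `cacls` listing output and reports any entry on the restricted files that is not SYSTEM or an administrator. The sample listing, the host name SRV01 and the way account names are matched are constructed assumptions.

```python
# Added example (not from the original article): audit `cacls` listing output
# against step 2's rule that these files are granted only to SYSTEM/Admin.
RESTRICTED = set("""at.exe cmd.exe command.com cacls.exe cscript.exe debug.exe
ftp.exe tftp.exe net.exe net1.exe netsh.exe nbtstat.exe netstat.exe quser.exe
regsvr32.exe hostname.exe wscript.exe ping.exe pathping.exe ipconfig.exe
iisreset.exe logoff.exe setreg.exe setpwd.exe telnet.exe
wshom.ocx wshext.dll scrrun.dll""".split())
# Assumption: how "SYSTEM/Admin" appears as account names in cacls output.
ALLOWED = {"SYSTEM", "ADMINISTRATORS", "ADMINISTRATOR"}

def parse_cacls(text):
    """Return {path: [(principal, rights), ...]}; paths must not contain spaces."""
    acls, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():        # new file: "<path> <first ACE>"
            path, _, line = line.partition(" ")
            current = acls.setdefault(path, [])
        principal, sep, rights = line.strip().partition(":")
        if sep and current is not None:  # skip detail lines with no "name:rights"
            current.append((principal, rights))
    return acls

def audit(text):
    """Return sorted (path, principal, rights) entries that break the rule."""
    findings = []
    for path, aces in parse_cacls(text).items():
        if path.rsplit("\\", 1)[-1].lower() not in RESTRICTED:
            continue
        for principal, rights in aces:
            account = principal.rsplit("\\", 1)[-1].upper()
            if account not in ALLOWED and rights != "N":  # N = no access
                findings.append((path, principal, rights))
    return sorted(findings)

# Constructed sample listing; SRV01 is a made-up host name.
SAMPLE = r"""
C:\WINNT\system32\cmd.exe BUILTIN\Administrators:F
                          NT AUTHORITY\SYSTEM:F
C:\WINNT\system32\tftp.exe BUILTIN\Users:R
                           NT AUTHORITY\SYSTEM:F
C:\WINNT\system32\scrrun.dll SRV01\IIS_USER0001:R
                             NT AUTHORITY\SYSTEM:F
C:\WINNT\system32\notepad.exe Everyone:R
"""

if __name__ == "__main__":
    for path, principal, rights in audit(SAMPLE):
        print(f"{path}: unexpected entry {principal}:{rights}")
```

Files outside the step 2 list, such as notepad.exe in the sample, are ignored, so the report contains only deviations from the lockdown itself.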
