About the security permissions configuration list

running ASP server, I am very happy~~ I have estimated that there are 4 days to run the asp program, the most secure server permissions are configured. Here is the permission configuration that can only be run for the asp program. , php, jsp have not been studied, but it is estimated that the same is different. About running the asp server security permissions configuration list: All disks are first set to the administrators group, if you are afraid of someone else to upgrade the administrator, you set up your own administrator, such as administrator or your name. C:- -->administraotors group C:Program FilesCommon Files--->administrators group+everyone (for reading and running, listing folder directory, reading) C:winntsystem32inetsrv--->administrators group+everyone (for Read and run, list the folder directory, read) C:winnttemp--->administrators group +IUSR_MACHINE (for reading, writing) Because the program needs to be written like temp, there are other, but the error can be With the guests group about the system disk can be configured as above, because after N tests, if this is not the case, there will be 500 errors, or access to the page will let you enter the administrator account and password (in this case, I am changing the above everyone Become an IWAM_MACHINE account, and the permissions are completely allowed to enter, do not understand) Site list: D:--->administrators group D:web--->administrators group+IUSR_MACHINE(read,write Can also be replaced by guests, not recommended, if it is your own server, then only the database has to write, the other is to read, if it is to provide space for others, then forget:) Analysis: About the system disk to do so Even if common and system32 are accessed, list the directory, but he does not have write permission, can not upload, so can not run his own program, in turn, what can he run the system32 program? If you want to metamorphosis, then Those programs are set to the permissions you want, hehe. . . . . The next one is the temp folder, only read and write, think about it, if he uploads the program below this, he can't run, what can he do? As a good administrator of a server, I think he should There will be no doubt that the temp files will be cleared regularly. About the web directory, only read and write, read as browse, write as write (say, it is posted), no run permissions, upload overflow tool, of course, error URL error or other, huh, huh. Or said above, if it is your own server, only the database has to write, the other is to read, if it is to provide space for others, then forget:) Well, finally finished in the morning, metamorphosis? This way, oh~~