Server FSO Setup Tutorial! Anti-ASP Trojan


Most virtual hosting providers now disable FileSystemObject, a standard ASP component, because it gives ASP powerful access to the file system: it can read, write, copy, delete and rename any file on the server's hard disk (at least under the default settings of Windows NT/2000). The consequence of disabling the component, however, is that every ASP program that relies on it stops working, and the customer's needs cannot be met.
How can the FileSystemObject component be allowed without compromising server security, that is, without letting one virtual host user use the component to read and write another user's files? Below is a method I worked out by experiment, using Windows 2000 Server as the example.
Open Explorer on the server, right-click the drive letter of each hard disk partition or volume, choose "Properties" from the context menu and open the "Security" tab; there you can see which accounts may access this partition (volume) and with what rights. After a default installation, "Everyone" has Full Control. Click "Add", add the groups "Administrators", "Backup Operators", "Power Users", "Users" and so on, and give them "Full Control" or the appropriate permissions; be careful not to give the "Guests" group or the "IUSR_machine name" account any permission at all. Then delete the "Everyone" group from the list, so that only the authorized groups and users can access the partition. Because ASP accesses the hard disk under the "IUSR_machine name" account, and that account has been given no permission here, ASP can no longer read or write files on the hard disk.
The next step is to set up a separate user account for each virtual host user and give each account full control over its own directory only.
As shown in the figure below, open "Computer Management" → "Local Users and Groups" → "Users", right click in the right column, select "New User" in the pop-up menu:

In the "New User" dialog box that pops up, enter "User name", "Full name", "Description", "Password" and "Confirm password" as needed, clear the checkmark from "User must change password at next logon", and check "User cannot change password" and "Password never expires". In this example the account "IUSR_VHOST1", which the Internet Information Service will use for anonymous access to the first virtual host, is created for that host's user; that is, whenever any client accesses this virtual host via http://***.***.***x/, it is accessed under this identity. When the input is complete, click "Create". You can create several users this way as needed; click "Close" when you are finished:

The newly created user now appears in the account list; double-click the account in the list to configure it further:


In the properties dialog box for "IUSR_VHOST1" (the account just created), click the "Member Of" tab:

By default the new account belongs to the "Users" group. Select that group and click "Remove":

The dialog now looks as shown below; click "Add":

In the "Select Groups" dialog box that pops up, find "Guests" and click "Add" so that the group appears in the text box below, then click "OK":

The result is shown below; click "OK" to close the dialog box:

Open "Internet Information Services" and start setting up the virtual host; the "First Virtual Host" is used as the example here. Right-click the host name and choose "Properties" from the context menu:

The "First Virtual Host Properties" dialog box pops up; it shows that this virtual host uses the folder "F:\VHOST1":

Leave the "First Virtual Host Properties" dialog box aside for a moment, switch to "Explorer" and find the folder "F:\VHOST1" (the original article modified only this directory; I think it is better to set the permissions on the entire drive letter and add the Administrators group). Right-click it and choose "Properties" → "Security" tab; you can see that the folder's default security setting is Full Control for "Everyone" (what is displayed differs from case to case). First remove the checkmark in front of "Allow inheritable permissions from parent to propagate to this object":

Give "Administrators" (the original said "Administrator", but I think it should be the Administrators group, which is better), as shown in the figure, and the new account "IUSR_VHOST1" created in the previous section Full Control. Other groups or users can be added as needed, but the "Guests" group, "IUSR_machine name" and other anonymous access accounts must never be added!

Then switch back to the "First Virtual Host Properties" dialog box opened earlier, open the "Directory Security" tab, and click "Edit" under "Anonymous access and authentication control":

The "Authentication Methods" dialog box pops up (shown below); click "Edit":

The "Anonymous User Account" dialog box pops up. The default is "IUSR_machine name"; click "Browse":


In the "Select User" dialog box, find the new account "IUSR_VHOST1" created in the previous section, double-click:

The anonymous user name has now changed; in the password box, enter the password that was set when the account was created earlier:

Confirm the password again:

OK, done, click OK to close these dialogs.
After this setup, the user of the "first virtual host" can use the ASP FileSystemObject component only to access its own directory, that is, the content under F:\VHOST1; any attempt to access other content produces errors such as "No permission", "Hard disk not ready" or "500 Server Internal Error".
Note: if the user needs to read the partition capacity or the serial number of the hard disk, this setup makes that impossible. If you want to allow the user to read information about the entire partition, right-click the hard disk partition (volume), choose "Properties" → "Security", add the user's account to the list and give it at least "Read" permission. Because the subdirectories on this volume have been set not to inherit permissions from the parent ("Allow inheritable permissions from parent to propagate to this object" unchecked), the permission settings of those subdirectories are not affected.
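The same per-host isolation scripted for a current Windows Server with PowerShell and IIS 7 or later (an added example, not part of the original tutorial, which describes the Windows 2000 GUI). It assumes the site root F:\VHOST1, the account name IUSR_VHOST1 and an IIS site named "VHOST1", and reads the password at the prompt.

```powershell
# Added example (not from the original tutorial): per-host anonymous account,
# directory ACL and IIS anonymous identity, done from an elevated prompt.
# Assumptions: site root F:\VHOST1, account IUSR_VHOST1, IIS site "VHOST1".
$HostDir  = 'F:\VHOST1'
$HostUser = 'IUSR_VHOST1'
$SiteName = 'VHOST1'
$Password = Read-Host -AsSecureString "Password for $HostUser"

# 1. Create the account as in the "New User" dialog: cannot change password,
#    password never expires; move it from the default "Users" group to "Guests".
New-LocalUser -Name $HostUser -Password $Password -UserMayNotChangePassword `
    -PasswordNeverExpires -Description 'Anonymous account for virtual host 1' | Out-Null
Remove-LocalGroupMember -Group 'Users' -Member $HostUser -ErrorAction SilentlyContinue
Add-LocalGroupMember -Group 'Guests' -Member $HostUser

# 2. Stop inheriting permissions on the host directory and grant Full Control
#    only to Administrators and the host's own account. Everyone, Guests and
#    the machine-wide anonymous account end up with no ACE at all.
$acl = Get-Acl -Path $HostDir
$acl.SetAccessRuleProtection($true, $false)   # disable inheritance, drop inherited ACEs
foreach ($id in 'BUILTIN\Administrators', $HostUser) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($id,
        'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.SetAccessRule($rule)
}
Set-Acl -Path $HostDir -AclObject $acl

# 3. Point the site's anonymous authentication at the per-host account
#    (the "Anonymous User Account" dialog in the tutorial). The setting is
#    locked at server level by default, so it is written at APPHOST scope
#    with -Location.
Import-Module WebAdministration
$bstr  = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
$plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
$filter = 'system.webServer/security/authentication/anonymousAuthentication'
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $SiteName `
    -Filter $filter -Name userName -Value $HostUser
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $SiteName `
    -Filter $filter -Name password -Value $plain
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

# 4. Check: the folder ACL must list only the two identities above; any entry
#    for Everyone, Guests or IUSR_<machine name> means a step was missed.
(Get-Acl -Path $HostDir).Access |
    Select-Object IdentityReference, FileSystemRights, IsInherited, AccessControlType |
    Format-Table -AutoSize
```

Run it once per virtual host with its own directory, account name and site name; on current IIS the machine-wide anonymous account is the built-in "IUSR" rather than "IUSR_machine name", and the same rule applies: it must not appear in any host directory's ACL.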


If anything is unclear, feel free to get in touch with this site!

Copyright © Windows knowledge All Rights Reserved