I enabled IIS and ASP.NET on my Windows 2003 server and wasn't clear on the optimal permissions needed on my wwwroot. The reason I ask is because there are permissions for users on my web folder that I never put on there. It seems they appeared after I installed IIS and ASP.NET. Can someone please explain to me what these are and if they are neccessary. I'm just concerned that someone maliciously put them there. Here are the users I don't understand:
IIS_WPG
INTERACTIVE
NETWORK
NETWORK SERVICES
OWS_393905354_admin
They all have permissions of List Folder Contents and Special->Files Only->(Allow List Folder, Read Attribute, Read Extended Attributes, and Read Permissions), except for IIS_WPG which has Read & Execute, List Folder Contents, and Read. The only other users I have are Administrator and SYSTEM which have full control, and USERS which have Read & Execute, List Folder Contents, and Read. I just want to make sure that my web folder has optimal security permissions before going public. I would appreciate anyone shedding light on this for me. Thanks in advance for all the help.
Start Free Trial
