Windows Server Web Edition - IIS writing with NO PERMISSIONS SET!

Last Modified: 2010-04-20
I've just got a simple question about Windows Server 2003 Web Edition and IIS.

I haven't set any permissions on ANY files at all, and I notice that my ASP scripts run fine and write to required files WITHOUT ME SETTING PERMISSIONS. Is this something to be worried about or is this normal Web Edition behavior? I notice that all folders on this hard drive (the data hard drive, not the system hard drive) have inherited the Authenticated Users group in the security tab from the drive's permissions. I've not seen this before. Is this normal? I've used Server 2003 Standard a lot and not seen this, but I'm new to Web Edition.

Again, the IUSR account can apparently write WITHOUT ME SETTING PERMISSIONS. Please explain.

Thanks!
Commented:
There is one thing I couldn't clearly get from your question: is the problem only that you didn't set the permissions yourself, or is the problem that IUSR can write on a folder in which he has no permissions?

Author

Commented:
The problem is that I didn't set the permissions myself AND that IUSR can write to a folder where no permissions are explicitly defined. The permissions on the folder are as follows:

Administrators (group) - Full Control
Authenticated Users (group) - everything except full control
SYSTEM - Full Control
Users (group) - Read & Execute, List Folder Contents, Read

IUSR_machinename is nowhere on the list but it can still write to the folder!

What's going on??? I'm so confused...
Commented:

Author

Commented:
Hmmm... that's what I figured, but that still doesn't explain how the ROOT of the DRIVE, not just the folder, got Authenticated Users in the NTFS permissions.... The C: drive doesn't have it there, only my data drive.

Also, what path do you suggest taking to secure the wwwroot? Scripts not requiring Write permissions will still be able to function even if the Authenticated Users group is removed from the folder, right? I can then apply the Authenticated Users group to appropriate folders, is this right too?

Also, how do I change the default permissions for the Authenticated Users group -- I can't find it in the local security policy / computer management snap-ins.
Commented:

Author

Commented:
Thanks Blaz!