Windows Server Web Edition - IIS writing with NO PERMISSIONS SET!
I've just got a simple question about Windows Server 2003 Web Edition and IIS.
I haven't set any permissions on ANY files at all, and I notice that my ASP scripts run fine and write to required files WITHOUT ME SETTING PERMISSIONS. Is this something to be worried about or is this normal Web Edition behavior? I notice that all folders on this hard drive have (the data hard drive, not the system hard drive) have inherited the Authenticated Users group in the security tab from the drive's permissions. I've not seen this before. Is this normal? I've used Server 2003 Standard a lot and not seen this, but I'm new to Web Edition.
Again, the IUSR account can apparently write WITHOUT ME SETTING PERMISSIONS. Please explain.
Thanks!
I haven't set any permissions on ANY files at all, and I notice that my ASP scripts run fine and write to required files WITHOUT ME SETTING PERMISSIONS. Is this something to be worried about or is this normal Web Edition behavior? I notice that all folders on this hard drive have (the data hard drive, not the system hard drive) have inherited the Authenticated Users group in the security tab from the drive's permissions. I've not seen this before. Is this normal? I've used Server 2003 Standard a lot and not seen this, but I'm new to Web Edition.
Again, the IUSR account can apparently write WITHOUT ME SETTING PERMISSIONS. Please explain.
Thanks!
Blaz
There is one thing I couldn't clearly get from your question: is the problem only that you didn't set the permissions yourself or is the problem that IUSR can write on a folder in which he has no permissions ?
ASKER
The problem is that I didn't set the permissions myself AND that IUSER can write to a folder where no permissions are explicitly defined. The permissions on the folder are as follows:
Administrators (group) - Full Control
Authenticated Users (group) - everything except full control
SYSTEM - Full Control
Users (group) - Read & Execute, List Folder Contents, Read
IUSR_machinename is nowhere on the list but it can still write to the folder!
What's going on??? I'm so confused...
Administrators (group) - Full Control
Authenticated Users (group) - everything except full control
SYSTEM - Full Control
Users (group) - Read & Execute, List Folder Contents, Read
IUSR_machinename is nowhere on the list but it can still write to the folder!
What's going on??? I'm so confused...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hmmm... that's what I figured, but that still doesn't explain how the ROOT of the DRIVE, not just the folder, got Authenticated Users in the NTFS permissions.... The C: drive doesn't have it there, only my data drive.
Also, what path do you suggest taking to secure the wwwroot? Scripts not requiring Write permissions will still be able to function even if the Authenticated Users group is removed from the folder, right? I can then apply the Authenticated Users group to approriate folders, is this right too?
Also, how do I change the default permissions for the Authenticated Users group -- I can't find it in the local security policy / computer management snap ins.
Also, what path do you suggest taking to secure the wwwroot? Scripts not requiring Write permissions will still be able to function even if the Authenticated Users group is removed from the folder, right? I can then apply the Authenticated Users group to approriate folders, is this right too?
Also, how do I change the default permissions for the Authenticated Users group -- I can't find it in the local security policy / computer management snap ins.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Blaz!