To do this, click Start, click Programs, click Accessories, and then click Windows Explorer. To apply the permissions in the following table, follow these steps: The following table lists the permissions that will be applied when you follow the steps in the "Disable inheritance in system directories" section.
If FrontPage Server Extension Clients such as FrontPage or Microsoft Visual InterDev are being used, open the properties for the %systemdrive%\Inetpub\Wwwroot folder, select the Authenticated Users group, select the following, and then click OK: Repeat this step for the IWAM_ account and the Open the properties for the %systemroot%\Temp folder, select the IUSR_ account (this account is already present because it inherits from the Winnt folder), and then click to select the Modify check box. Open the properties for the %systemroot% folder, click the Security tab, add the IUSR_ and IWAM_ accounts and the Users group, and then make sure that only the following are selected: In the %systemroot% folder, select all folders except the following: Right-click the remaining folders, click Properties, and then click the Security tab.Ĭlick to clear the Allow inheritable permissions check box, click Copy, and then click OK. In the %systemroot%\System32 folder, select all folders except the following: This can cause unnecessary data to be uploaded to your Web server.ĭisable inheritance in system directories Note We do not recommend that you grant NTFS Write permissions to the anonymous account in any directories, including directories used by the FTP service uses.
If you want to grant Write NTFS permission for Inetpub\FTProot or the directory path for your FTP site or sites, repeat step 15. Click the Security tab, add the IUSR_ account and the Users group, and then make sure that only the following are selected: By default, this is the %systemdrive%\Inetpub\Wwwroot folder. Open the properties for the root directory that holds your Web content. Make sure that only the following are selected: Add the account that is used for anonymous access. Open the properties for the %systemdrive%\Program Files\Common Files folder, and then click the Security tab. If you receive the following error message, click Continue:Īn error has occurred applying security information to %systemdrive%\Pagefile.sysĪfter you have reset NTFS permissions, click OK.Ĭlick the Everyone group, click Remove, and then click OK. Right-click the system drive (this is typically drive C), and then click Properties.Ĭlick the Security tab, and then click Advanced to open the Access Control Settings for Local Disk dialog box.Ĭlick the Owner tab, click to select the Replace Owner on Sub containers and Objects check box, and then click Apply. To do this, click Start, click Programs, and then click Grant ownership and permission to the administrator and to the system The following programs and services were installed as part of the test suite that was used to test server security after granting the permissions outlined in this article:įrontPage Server Extensions, such as connecting, editing, and saving, if FPSE is enabled while you use the Lockdown Tool Run the most current version of the IIS Lockdown Tool. Testing steps before the permissions configurations in a production environmentīefore you make permission changes on a production Web server, we recommend that you do the following steps: We recommend that you review the related articles that are specific for the roles of your Web server. You can review server and application documentation for specific security requirements. This article does not consider other Microsoft and third-party products that may require different permissions.
The permission requirements that are described in this article are specific only to the basic permissions for a dedicated Web server that is running IIS 5. Warning This article is only valid for dedicated Web servers that use basic IIS functionality, such as serving HTML static content or simple Active Server Pages (ASP) content.
#Partheus gt manager parent directory how to#
This article describes how to set the minimum permissions that are required for a dedicated Internet Information Services (IIS) 5.0, IIS 5.1, or IIS 6.0 Web server. How to set minimum NTFS permissions and user rights for IIS 5.x or IIS 6.0