ASP. NET ASPXSpy Security Settings (ultimate and general defense)

Comments: The ultimate defense (javasshell, IIS Spy, Process, Services, UserInfo, SysInfo, and RegShell) may affect the normal operation of some websites. Please test the website without any problems before using this method. Ultimate defense (javasshell, IIS Spy, Process, Services, UserInfo, SysInfo, RegShell)
It may affect the normal operation of some websites. Please test the website to use this method without any problems.
Website ASP. NET version switched to 2.0.50727
C: \ WINDOWS \ Microsoft. NET \ Framework \ v2.0.50727 \ CONFIG \ web. config
<Location allowOverride = "true"> change to <location allowOverride = "false">
<Trust level = "Full" originUrl = ""/> change to <trust level = "High" originUrl = ""/>
C: \ WINDOWS \ Microsoft. NET \ Framework \ v2.0.50727 \ CONFIG \ web_hightrust.config
Delete <SecurityClass Name = "RegistryPermission" Description = "System. Security. Permissions. RegistryPermission, mscorlib, Version = 2.0.0.0, Culture = neutral, PublicKeyToken = b77a5c561934e089"/>
----------------------------------------------------------------------------
----------------------------------------------------------------------------
General Defense (Process and RegShell cannot be disabled in the following methods. We have learned that the off-star virtual host management system is not disabled)
1. Disable cross-site and Services (4 is also feasible)
Create a system user for each website, such as web_xxx, and only belong to the Guests and IIS_WPG groups.
Create a website folder xxx and add the web_xxx permission.
Create an application pool xxx, properties-ID-configuration, and enter the web_xxx account password.
Create a website xxx, properties-home directory-application pool, and select xxx. Property-home directory-Directory Security-edit, enter the web_xxx account password.
2. Disable shell.
Principle: The Folder does not grant the write permission to the running permission, or the running permission to the write permission.
The permission must be applied to all subdirectories.

Website folder configuration permission is generally the default system disk folder, web_xxx does not have the write permission, so you only need to modify some folders. In addition, you need to check and modify the folder created by yourself or the folder generated by software installation according to the "principle. Some executable folders C: \ InetpubC: \ RECYCLERC: \ wmpubC: \ phpC: \ Documents and Settings \ All Users \ Application Data \ C are as follows: \ Documents and Settings \ All Users \ Documents \ C: \ WINDOWS \ Temp \ C: \ WINDOWS \ IIS Temporary Compressed FilesC: \ WINDOWS \ system32 \ MicrosoftPassportC: \ WINDOWS \ Microsoft. NET \ Framework \ v1.1.4322 \ Temporary ASP. NET FilesC: \ WINDOWS \ Microsoft. NET \ Framework \ v2.0.50727 \ Temporary ASP. NET FilesC: \ WINDOWS \ system32 \ ine Tsrv \ ASP Compiled TemplatesC: \ Program Files \ Zend \ ZendOptimizer-3.3.0 at least cancel the operation permissions of the non-Administrators Group, as to let the write, free play. In addition, scan ScanRegFindWrite. aspx to check whether there are other writeable folders. If so, check whether these writeable folders have the execution permission. If so, remove the execution permission. 3. Disable IIS Spy
C: \ WINDOWS \ system32 \ activeds. tlb
Only "full control" is given to the Administrators group and SYSTEM group, and other user groups are deleted. Restart IIS to take effect.
4. Disable Services (1 is also feasible), UserInfo, and SysInfo.
C: \ WINDOWS \ system32 \ wbem \ wmiprvse.exe
Only "full control" is given to the Administrators group and SYSTEM group, and other user groups are deleted. Restart IIS to take effect.