Disable service bypass and set security

Disable service bypass and set security

1. Create a user

"My Computer" <right-click>-à "manage" (displayed)-à "System Tools"-à "local users and groups"-à "user"

On the right side, <right-click> -- à "new user" and fill in the corresponding information in "User Name" and "password" (take Username: kali as an example)

Remove "the next time a user logs on, the password must be changed." the user cannot change the password. "The password never expires ."

<Click> create.

 

2. Set User affiliation

In the newly created user "kali" <right-click> -- à "attribute" -- à "affiliated"

Delete the "Users" user and click "add"-à "Advanced ..." -À "Search now" select "Guests" and "OK", and then confirm in the "affiliated" window.

 

3. Create a folder

Create a folder named "test" under D: \ KALI"

 

In the folder "test" <right-click>-à "property" -- à "security" -- à "advanced"-à "permission", spread the "permission to allow the parent to this object and all sub-objects. include the items explicitly defined here. A dialog box is displayed, select <Delete>, and confirm.

Else --

If the folder is a new folder, you can ignore it here. Here, we mainly take measures for existing folders with relevant permissions:

In the "advanced" dialog box that just popped up, select "owner" to set the currently logged-on user (login with: administrator) as the owner, check Before "Replace sub-container and object owner. <click> "application ".

-- À

Add the following users in "advanced"-à "permission"

The administrator has full control over the system (FTP upload is used, and can be omitted if FTP is not used) iis_iusrs (if the site has not been uploaded, database modification, and other operations, this permission is granted by default. If yes, the user must have the "write" and "read" and "modify" permissions)

 

The newly created user (kali) has full control

 

If the site is an asp.net site, add "network service" again. If the site does not have the upload or database modification operations, this permission is set by default. If yes, the user must have the "write" read "and" modify "permission.

 

Administrator full control, system full control (ftp user), network service asp.net user

Users of their respective sites, such as kali

 

User of a website on the server: full control of system (ftp)

Network service (asp.net user) Modify read write list folder content read and execute 5 select if the site does not upload, database modification and other operations, then this permission is by default, if there is, the user must have the "write" read "and" modify "permission.

Full administrator control

Iis_iusrs (iis user) Modify read write list folder content read and execute 5 select if the site does not upload, database modification and other operations, then this permission is by default, if yes, the user must have the "write" read "and" modify "permission.

Site users such as cccc modify read write list folder content read and execute 5 select if the site does not upload, database modification and other operations, this permission is by default, if there is, the user must have the "write" read "and" modify "permission.

 

4. Create an IIS Site (here is the setting of IIS 6 in System 2003)

Create an IIS Site. Click <right-click> -- à "attribute"-à "Directory Security" on the site and click "edit" in the "authentication and Access Control" area ", -à "Browse" select the newly created account "kali" and fill in the relevant Password

 

Iis7 settings are as follows:

Configure the user interface for anonymous authentication using the UI

Open the IIS manager and navigate to the level you want to manage. For information about how to open IIS manager, see open IIS Manager (IIS 7 ). For information about how to navigate between different locations of the UI, see navigation in IIS Manager (IIS 7 ).

In "function View", double-click "authentication ".

On the "authentication" Page, select "Anonymous Authentication ".

In the actions pane, click Edit to set the security principal that anonymous users use to connect to the site.

In the edit anonymous authentication credential dialog box, select one of the following options:

• If you want to configure