Security permission configuration list for running ASP servers

So happy ~~ It is estimated that there will be four days to configure the most secure server permissions for asp program running.

Here, we can only configure the permissions for running asp programs. php and jsp have not been studied yet, but it is estimated that they are similar.

Configuration list of security permissions for running asp servers:

All disks are set to the administrators group first. If you are afraid of another person upgrading the administrator, set it to your own administrator, such as administrator or your name.

C: ---> administraotors Group

C: Program FilesCommon Files ---> administrators Group + everyone (for reading and running, listing folder directories and reading)

C: winntsystem32inetsrv ---> administrators Group + everyone (for reading and running, listing folder directories and reading)

C: winnttemp ---> administrators Group + IUSR_MACHINE (read, write) because the program needs to write like temp, there are other, but errors can be caused by the guests group

The system disk can be configured as above, because after N tests, if this is not the case, Error 500 will occur, or you will be asked to enter the Administrator account and password (in this case, I changed the above everyone account to the IWAM_MACHINE account, and the permission is completely set to allow input, not understanding)

Website list:

D: ---> administrators Group

D: web ---> the administrators group + IUSR_MACHINE (read, write) can also be changed to guests. It is not recommended. If you are using your own server, you only need to write data to the database, while others are reading data, if it is to provide space for others, forget it :)

Analysis:

For system disks, even if common and system32 are accessed to list directories, but they do not have the write permission and cannot upload, they cannot run their own programs. In turn, what can he do to run the system32 program? If you want to be abnormal, set those programs to the permissions you want ..... Next is the temp folder, which only reads and writes data. Think about it. If he uploads a program under it, he cannot run it. What can he do? As a good server administrator, I think he should regularly clear temp files. This is without a doubt.

For web directories, only reading and writing, reading is browsing, and writing is writing (to put it bluntly, it is posting). If you do not have the operation permission, the upload overflow tool will of course cause a URL error or other errors, haha. As mentioned above, if it is your own server, you only need to write data to the database, and read data from others. If it is to provide space for others, forget it :)

Okay, I finally finished it in the morning, abnormal? That's it ~~