Server Security Settings Tutorial: Hard Disk permission settings

Source: Internet
Author: User

This tutorial focuses on the required permissions, that is, the final permissions each hard disk or folder needs in order to defend against Trojan intrusions, elevation-of-privilege attacks, and cross-site attacks. This configuration has been tested many times and its security performance is very good; a server set up this way is basically not threatened by Trojans.

Hard disk or folder: C:\, D:\, E:\, F:\, and so on

Main permissions:
  Administrators: Full Control (this folder, subfolders, and files) <Not inherited>
  CREATOR OWNER: Full Control (subfolders and files only) <Not inherited>
  SYSTEM: Full Control (this folder, subfolders, and files) <Not inherited>
Other permissions:
  None

If you have installed other runtime environments such as PHP, set the hard disk permissions according to what that environment needs. Generally, giving Users Read & Execute on the installation directory is sufficient; for example, C:\php inherits the root directory permissions and adds Read & Execute for Users. Where data must be written, such as the tmp folder, add Write and Delete permissions for Users and then deny the read permission to the virtual host (VM) user. For MySQL, running it as an independent user is more secure. For WinWebMail, it is best to create an independent application pool and an independent IIS user, and give Users Read/Execute/Write permissions on the entire installation directory, with the same permissions for that IIS user; this IIS user is needed only to access the WinWebMail web interface and is not used by other IIS sites. The hard disk permission settings for a server with WinWebMail installed are shown in the following example.

Hard disk or folder: C:\Inetpub\

Main permissions:
  Administrators: Full Control (this folder, subfolders, and files) <Inherit from C:\>
  CREATOR OWNER: Full Control (subfolders and files only) <Inherit from C:\>
  SYSTEM: Full Control (this folder, subfolders, and files) <Inherit from C:\>
Other permissions:
  None

Hard disk or folder: C:\Inetpub\AdminScripts

Main permissions:
  Administrators: Full Control (this folder, subfolders, and files) <Not inherited>
  SYSTEM: Full Control (this folder, subfolders, and files) <Not inherited>
Other permissions:
  None

Hard disk or folder: C:\Inetpub\wwwroot

Main permissions:
  Administrators: Full Control (this folder, subfolders, and files) <Not inherited>
  SYSTEM: Full Control (this folder, subfolders, and files) <Not inherited>
Other permissions:
  IIS_WPG: Read & Execute / List Folder Contents / Read (this folder, subfolders, and files) <Not inherited>
  Users: Read & Execute / List Folder Contents / Read (this folder, subfolders, and files) <Not inherited>
Deny permissions:
  Internet Guest Account (this folder, subfolders, and files) <Not inherited>
    Create Files / Write Data: Deny
    Create Folders / Append Data: Deny
    Write Attributes: Deny
    Write Extended Attributes: Deny
    Delete Subfolders and Files: Deny
    Delete: Deny
Note: also add the virtual host user group, with the same permissions as the Internet Guest Account.

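The C:\Inetpub\wwwroot entry above, expressed as icacls commands; this is an added example, not part of the original tutorial. It assumes an icacls.exe that supports the /inheritance switch and that the Internet Guest Account is the IIS 6 default IUSR_<computername>; the parameter names are hypothetical.

```powershell
# Added example, not from the original page: prints (or, with -Apply, runs) the
# icacls commands for the C:\Inetpub\wwwroot entry listed above.
param(
    [string]   $Path        = 'C:\Inetpub\wwwroot',
    [string]   $WorkerGroup = 'IIS_WPG',
    # Assumption: IIS 6 default guest account name; add the virtual host group here too.
    [string[]] $DenyWriteTo = @("IUSR_$env:COMPUTERNAME"),
    [switch]   $Apply
)

$scope = '(OI)(CI)'   # "This folder, subfolders, and files"

# Denied special rights in icacls notation:
#   WD  Create Files / Write Data      AD  Create Folders / Append Data
#   WA  Write Attributes               WEA Write Extended Attributes
#   DC  Delete Subfolders and Files    DE  Delete
$denyRights = '(WD,AD,WA,WEA,DC,DE)'

$commands = @()
# Explicit allow entries first, so access is not lost when inheritance is cut.
foreach ($ace in @("Administrators:${scope}F", "SYSTEM:${scope}F",
                   "${WorkerGroup}:${scope}RX", "Users:${scope}RX")) {
    $commands += ,@($Path, '/grant:r', $ace)
}
foreach ($account in $DenyWriteTo) {
    $commands += ,@($Path, '/deny', "${account}:${scope}${denyRights}")
}
# <Not inherited>: remove every ACE inherited from C:\ (explicit ACEs stay in place).
$commands += ,@($Path, '/inheritance:r')

foreach ($c in $commands) {
    if ($Apply) {
        & icacls.exe @c
        if ($LASTEXITCODE -ne 0) { throw "icacls failed: $($c -join ' ')" }
    } else {
        Write-Output ("icacls " + ($c -join ' '))
    }
}
# Review the result afterwards with:  icacls $Path
```

Explicit entries for accounts not named in the table are left untouched, so compare the final `icacls` listing against the table and remove anything extra by hand.
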
Hard disk or folder: C:\Inetpub\wwwroot\aspnet_client

Main permissions:
  Administrators: Full Control (this folder, subfolders, and files) <Not inherited>
  SYSTEM: Full Control (this folder, subfolders, and files) <Not inherited>
Other permissions:
  Users: Read (this folder, subfolders, and files) <Not inherited>

Hard disk or folder: C:\Documents and Settings

Main permissions:
  Administrators: Full Control (this folder, subfolders, and files) <Not inherited>
  SYSTEM: Full Control (this folder, subfolders, and files) <Not inherited>
Other permissions:
  None

Hard disk or folder: C:\Documents and Settings\All Users

Main permissions:
  Administrators: Full Control (this folder, subfolders, and files) <Not inherited>
  SYSTEM: Full Control (this folder, subfolders, and files) <Not inherited>
Other permissions:
  Users: Read & Execute (this folder, subfolders, and files) <Not inherited>
Note: the Users group is limited to Read & Execute here; Write permission must not be added.

Hard disk or folder: C:\Documents and Settings\All Users\Start Menu

Main permissions:
  Administrators: Full Control (this folder, subfolders, and files) <Not inherited>
  SYSTEM: Full Control (this folder, subfolders, and files) <Not inherited>
Other permissions:
  None

Hard disk or folder: C:\Documents and Settings\All Users\Application Data

Main permissions:
  Administrators: Full Control (this folder, subfolders, and files) <Not inherited>
  CREATOR OWNER: Full Control (subfolders and files only) <Not inherited>
  SYSTEM: Full Control (this folder, subfolders, and files) <Not inherited>
Other permissions:
  Users: Read & Execute (this folder, subfolders, and files) <Not inherited>
  Users: Write (this folder and subfolders) <Not inherited>
Note: the two parallel permissions for the Users group must be set as separate entries.

Hard disk or folder: C:\Documents and Settings\All Users\Application Data\Microsoft

Main permissions:
  Administrators: Full Control (this folder, subfolders, and files) <Not inherited>
  SYSTEM: Full Control
Other permissions:
  Users: Read & Execute (this folder, subfolders, and files) <Not inherited>
Note: this folder contains Microsoft application state data.