Website permission/SQL permission settings for Windows Server security settings

. WEB site Directory storage permission settings

In IIS, IIS users generally use the Guests Group. The safer method is to create a windows Guests user for each customer and bind the anonymous user executed by IIS

This user

Of course, you can create another independent group dedicated to IIS,
Create a Guests User:
"My Computer" -- "computer management" -- "system tools" -- "local users and groups" -- "users" -- right-click "new user"

As shown in the following figure:

In this way, an iis001 user is created ..

Step 2. WEB directory permission settings:
As shown in the following figure:




In this way, the directory permission of the WEB site becomes
All permissions for administrators
All system permissions
Select advanced for a user (or IUSER) created separately-> open all permissions except full control, traverse folders/run programs, and obtain three permissions of ownership.

Website Directory. Do not give Everyone permission...

Step 3: bind the anonymous user executed by IIS to this user on IIS
Open IIS and website properties, as shown in the following figure:



"Click Directory security" -- "authentication and access control" -- "edit"



That's all you can do...

If there are not many sites on the server and there are forums
We can Upload directories for each forum
Remove the execution permission of this user.
Only read and write permissions
In this way, intruders Upload webshells even if they bypass the Forum file type detection.
It cannot run.

2. ms SQL SERVER2000 delete useless extensions

Go to "SQL query Analyzer". Don't tell me where you don't know where it is ???

Enter the following script:
As shown in the following figure:


In this way, all dangerous extensions in SQL2000 are deleted.
Author: bucket for loading

The code is as follows:

Copy code

Use master Exec sp_dropextendedproc * xp_cmdshell * Exec sp_dropextendedproc * xp_dirtree * Exec sp_dropextendedproc * xp_enumgroups * Exec sp_dropextendedproc * xp_fixeddrives * Exec sp_dropextendedproc * xp_loginconfig * Exec sp_dropextendedproc * xp_enumerrorlogs * Exec sp_dropextendedproc * xp_getfiledetails * Exec sp_dropextendedproc * Sp_OAcreate * Exec sp_dropextendedproc * Sp_OADestroy * Exec sp_dropextendedproc * Sp_OAGetErrorInfo * Exec sp_dropextendedproc * Sp_OAGetProperty * Exec sp_dropextendedproc * Sp_OAMethod * Exec sp_dropextendedproc * Sp_OASetProperty * Exec sp_dropextendedproc * Sp_OAStop * Exec sp_dropextendedproc * Xp_regaddmultistring * Exec sp_dropextendedproc * Xp_regdeletekey * Exec sp_dropextendedproc * Xp_regdeletevalue * Exec sp_dropextendedproc * Xp_regenumvalues * Exec sp_dropextendedproc * Xp_regread * Exec sp_dropextendedproc * Xp_regremovemultistring * Exec sp_dropextendedproc * Xp_regwrite * Drop procedure sp_makewebtask Go