Website permission and SQL permission settings for Windows Server security

Source: Internet
Author: User

1. Website directory permission settings

In IIS, the IIS users generally belong to the Guests group. The safer method is to create a separate Windows Guests user for each customer and bind the anonymous user that IIS runs as to this user.

Of course, you can also create another independent group dedicated to IIS.
Step 1. Create a Guests user:
"My Computer" -- "Computer Management" -- "System Tools" -- "Local Users and Groups" -- "Users" -- right-click "New User"

As shown in the following figure:

In this way, an iis001 user is created.

Step 2. WEB directory permission settings:
As shown in the following figure:




In this way, the directory permissions of the website become:
Administrators: all permissions
SYSTEM: all permissions
The separately created user (or IUSER): select Advanced and grant all permissions except three: Full Control, Traverse Folder / Execute File, and Take Ownership.

Do not give the Everyone group any permission on the website directory.

Step 3. In IIS, bind the anonymous user that IIS runs as to this user.
Open IIS and the website's properties, as shown in the following figure:



Click "Directory Security" -- "Authentication and access control" -- "Edit"



That's all you need to do.

If there are not many sites on the server and some of them are forums, we can remove this user's execute permission on each forum's upload directory and leave only read and write permissions. In this way, even if intruders bypass the forum's file type detection and upload a webshell, it cannot run.

2. MS SQL Server 2000: delete unneeded extended stored procedures

Open "SQL Query Analyzer". Don't tell me you don't know where it is?

Enter the following script:
As shown in the following figure:


In this way, all the dangerous extended stored procedures in SQL Server 2000 are deleted.
Author: bucket for loading

The code is as follows:
-- Run in the master database, where the extended procedures are registered
use master
-- Command execution, file system and account enumeration
exec sp_dropextendedproc 'xp_cmdshell'
exec sp_dropextendedproc 'xp_dirtree'
exec sp_dropextendedproc 'xp_enumgroups'
exec sp_dropextendedproc 'xp_fixeddrives'
exec sp_dropextendedproc 'xp_loginconfig'
exec sp_dropextendedproc 'xp_enumerrorlogs'
exec sp_dropextendedproc 'xp_getfiledetails'
-- OLE Automation procedures
exec sp_dropextendedproc 'sp_OACreate'
exec sp_dropextendedproc 'sp_OADestroy'
exec sp_dropextendedproc 'sp_OAGetErrorInfo'
exec sp_dropextendedproc 'sp_OAGetProperty'
exec sp_dropextendedproc 'sp_OAMethod'
exec sp_dropextendedproc 'sp_OASetProperty'
exec sp_dropextendedproc 'sp_OAStop'
-- Registry access procedures
exec sp_dropextendedproc 'xp_regaddmultistring'
exec sp_dropextendedproc 'xp_regdeletekey'
exec sp_dropextendedproc 'xp_regdeletevalue'
exec sp_dropextendedproc 'xp_regenumvalues'
exec sp_dropextendedproc 'xp_regread'
exec sp_dropextendedproc 'xp_regremovemultistring'
exec sp_dropextendedproc 'xp_regwrite'
-- sp_makewebtask is an ordinary stored procedure, so it is dropped directly
drop procedure sp_makewebtask
go
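
To confirm that the drop script above took effect, the procedures it names can be looked up in master afterwards. The query below is an added example, not part of the original article; it assumes the SQL Server 2000 system table master.dbo.sysobjects, where xtype 'X' marks an extended stored procedure and 'P' an ordinary one.

```sql
-- Added example (not from the original article): report which procedures
-- named in the drop script are still registered in master.
-- Assumes SQL Server 2000 system tables (master.dbo.sysobjects).
use master
go

set nocount on

-- Same names, same order, as the drop script
declare @targets table (name sysname not null)

insert into @targets (name)
select 'xp_cmdshell'          union all select 'xp_dirtree'              union all
select 'xp_enumgroups'        union all select 'xp_fixeddrives'          union all
select 'xp_loginconfig'       union all select 'xp_enumerrorlogs'        union all
select 'xp_getfiledetails'    union all select 'sp_OACreate'             union all
select 'sp_OADestroy'         union all select 'sp_OAGetErrorInfo'       union all
select 'sp_OAGetProperty'     union all select 'sp_OAMethod'             union all
select 'sp_OASetProperty'     union all select 'sp_OAStop'               union all
select 'xp_regaddmultistring' union all select 'xp_regdeletekey'         union all
select 'xp_regdeletevalue'    union all select 'xp_regenumvalues'        union all
select 'xp_regread'           union all select 'xp_regremovemultistring' union all
select 'xp_regwrite'          union all select 'sp_makewebtask'

-- A row with no match in sysobjects means the procedure is gone
select t.name,
       case
           when o.id is null  then 'removed'
           when o.xtype = 'X' then 'STILL PRESENT (extended procedure)'
           else                    'STILL PRESENT (stored procedure)'
       end as status
from @targets t
left join master.dbo.sysobjects o
       on o.name = t.name
      and o.xtype in ('X', 'P')
order by status, t.name
go
```

Every row should read "removed"; any "STILL PRESENT" row means that statement in the drop script failed or the procedure was re-registered later.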
