You can read, write, copy, delete, rename, and so on any file on the server's hard disk (this, of course, is done under Windows nt/2000 with the default settings). But when this component is blocked, the result is that all the ASPs that utilize this component will not be able to run and meet the needs of the customer.
How can you allow both the FileSystemObject component and the security of the server (that is, you cannot use the component to read or write to other people's files between different virtual host users)? Here is a description of the method I obtained in the experiment, the following is illustrated by Windows Server.
Open Explorer on the server, right-click on each hard disk partition or volume, select Properties from the pop-up menu, select the Security tab, and then you can see which accounts can access the partition (volume) and access rights. After the default installation, the "Everyone" has Full Control permissions. Click "Add", add "Administrators", "Backup Operators", "Power Users", "users", and so on, and give "Full control" or the appropriate permissions, note, do not give the "Guests" group, "IUSR_ Machine name "These several account any permissions. Then remove the Everyone group from the list, in this way, only authorized groups and users can access this hard disk partition, and ASP execution, is to "IUSR_ machine name" as the identity of access to the hard disk, here does not give the user account permissions, ASP can not read and write the file on the hard disk.
The next thing to do is to set up a separate user account for each virtual host user, and then assign each account a directory that allows it to be fully controlled.
As shown in the following illustration, open Computer Management → Local Users and groups → users, click the right mouse button in the right column, and select New user from the menu that pops up:
In the New User dialog box that pops up, enter the user name, full name, description, password, confirm password, and remove the check mark before "User must change password at next logon", select "User Cannot Change password" and "Password never expires." This example establishes a built-in account "Iusr_vhost1" for anonymous access to Internet information services for users of the first virtual host, that is, all clients access this virtual host using http://xxx.xxx.xxxx/. Click "Create" when you finish typing. You can create multiple users based on actual needs, and then "close" when you are finished:
Now that the newly created user has already appeared in the account list, double-click the account in the list for further setup:
In the pop-up "Iusr_vhost1" (that is, the new account that you just created), in the middle of the Properties dialog box, click the Subordinate to tab:
The newly established account number defaults to the Users group, select the group, and click Delete:
Now it appears as shown in the following illustration, and then click Add:
Current 1/3 page
123 Next read the full text
