Iis7: how to set the read, script, and Executable File Execution Permissions

Source: Internet
Author: User

For the IIS server, you can set an access policy by configuring the function permissions. The access policy specifies the web server, site, and application in IIS.ProgramType of permissions that can be granted to all handlers at the directory or file level. The read, script, and execution permissions that can be enabled or disabled in the access policy. Whether the processing program runs depends on the access policy and the access settings required by the processing program. If the handler requires a function permission type not enabled in the access policy, the handler will be disabled and all requests processed by the handler (mapped based on the handler) will fail, unless the request can be processed by another handler. In IIS 5 and IIS 6, we can configure website attributes to set the website permission level to the following situations: read, write, script resource access, directory browsing, record access, pure script, script, and executable files. The permissions are as follows:

Read:You can view the file content and attributes.

Write:You can change the file content and attributes.

Script Resource Access: users can access filesSource codeSuch as the script used to access script Resources in the Active Server Pages (ASP) application. This option can be used only when the "read" or "write" permission is assigned. You can access source files. If the read permission is assigned, the source can be read.Code. If the write permission is assigned, you can also write the source code.

Directory browsing:You can view the file list and collection.

Record access:Create a log project for each website access. Record access to the index resource allows the Index Service to index the resource.

Pure script:A pure script sets the application permission to "Pure script" to allow the application mapped to the script engine to run in this directory without having to have the permissions set for executable files. Setting permissions to "Pure scripts" is more secure than setting them to "scripts and executable files" because you can restrict applications that can run in this directory.

Scripts and executable files:Set the application permission to "script and executable file" to allow the application to run in this script and executable file directory, these include applications mapped to the script engine and Windows binary files (. DLL and. EXE file ).

However, in IIS 7, we found that we could not find the corresponding option. In fact, it does not disappear. The configuration method is as follows:

1. Open the IIS manager and navigate to the level you want to manage;

2. on the "server Homepage", "site homepage", or "application Homepage" in "function View", double-click "handler ing ";

 

 

3. On the "operations" page, click "Edit function Permissions ";

 

 

4. In the "Edit function permission" dialog box, perform the following operations:

Select "read" to enable the handler that requires read access to the virtual directory, and clear "read" to disable the handler that requires read access to the virtual directory.

Select "script" to enable the handler that requires script permission on the virtual directory. Clear "script" to disable the handler that requires script permission on the virtual directory.

Select "run" to enable the processing program that requires the execution permission on the virtual directory, and clear "run" to disable the processing program that requires the execution permission on the virtual directory. The "execute" option is enabled only when the "script" is selected.

5. Click OK.

In addition, you can configure permissions through the command line. The syntax is as follows:

Appcmd set config/section: handlers/accesspolicy: noremotescript | noremoteexecute | noremoteread | noremotewrite | script | source | execute | write | read | none

You can specify one or more options for the accesspolicy attribute or none. If multiple values are specified, separate them with commas. For example, to enable a handler that requires read or script permissions, enter the following command at the command prompt and press Enter:

Appcmd set config/section: handlers/accesspolicy: read, script

For the IIS server, you can set an access policy by configuring the function permissions. The access policy specifies the types of permissions that can be granted to all processing programs at the web server, site, application, directory, or file level in IIS. The read, script, and execution permissions that can be enabled or disabled in the access policy. Whether the processing program runs depends on the access policy and the access settings required by the processing program. If the handler requires a function permission type not enabled in the access policy, the handler will be disabled and all requests processed by the handler (mapped based on the handler) will fail, unless the request can be processed by another handler. In IIS 5 and IIS 6, we can configure website attributes to set the website permission level to the following situations: read, write, script resource access, directory browsing, record access, pure script, script, and executable files. The permissions are as follows:

Read:You can view the file content and attributes.

Write:You can change the file content and attributes.

Script Resource Access: You can access the source code of the file, such as the script Resource Access Script in the Active Server Pages (ASP) application. This option can be used only when the "read" or "write" permission is assigned. You can access source files. If the read permission is assigned, the source code can be read. If the write permission is assigned, you can also write the source code.

Directory browsing:You can view the file list and collection.

Record access:Create a log project for each website access. Record access to the index resource allows the Index Service to index the resource.

Pure script:A pure script sets the application permission to "Pure script" to allow the application mapped to the script engine to run in this directory without having to have the permissions set for executable files. Setting permissions to "Pure scripts" is more secure than setting them to "scripts and executable files" because you can restrict applications that can run in this directory.

Scripts and executable files:Set the application permission to "script and executable file" to allow the application to run in this script and executable file directory, these include applications mapped to the script engine and Windows binary files (. DLL and. EXE file ).

However, in IIS 7, we found that we could not find the corresponding option. In fact, it does not disappear. The configuration method is as follows:

1. Open the IIS manager and navigate to the level you want to manage;

2. on the "server Homepage", "site homepage", or "application Homepage" in "function View", double-click "handler ing ";

 

 

3. On the "operations" page, click "Edit function Permissions ";

 

 

4. In the "Edit function permission" dialog box, perform the following operations:

Select "read" to enable the handler that requires read access to the virtual directory, and clear "read" to disable the handler that requires read access to the virtual directory.

Select "script" to enable the handler that requires script permission on the virtual directory. Clear "script" to disable the handler that requires script permission on the virtual directory.

Select "run" to enable the processing program that requires the execution permission on the virtual directory, and clear "run" to disable the processing program that requires the execution permission on the virtual directory. The "execute" option is enabled only when the "script" is selected.

5. Click OK.

In addition, you can configure permissions through the command line. The syntax is as follows:

Appcmd set config/section: handlers/accesspolicy: noremotescript | noremoteexecute | noremoteread | noremotewrite | script | source | execute | write | read | none

You can specify one or more options for the accesspolicy attribute or none. If multiple values are specified, separate them with commas. For example, to enable a handler that requires read or script permissions, enter the following command at the command prompt and press Enter:

Appcmd set config/section: handlers/accesspolicy: read, script

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.