With Server 2008 approaching, many users are paying attention to IIS security again, so the author has put together a batch file that applies a least-privilege permission assignment for IIS ...
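@echo off
rem ---------------------------------------------------------------------------
rem  NTFS permission tightening for an IIS web server.
rem
rem  What it does, in order:
rem    1. removes the Everyone ACE from the system drive root and key folders
rem    2. removes the Users ACE from the system drive root, Program Files,
rem       Documents and Settings and a list of Windows subfolders
rem    3. grants the IIS_WPG group Read or Change on the folders listed below
rem    4. grants Users Change on the Windows temp folder again
rem
rem  Fixes against the published listing: the switches were fused onto the
rem  quoted path and the path separators were forward slashes, so cacls could
rem  not tell path from switch. Each switch is now its own argument and paths
rem  use backslashes. Folder-name casing is left as published because NTFS
rem  lookups on Windows are case-insensitive.
rem
rem  Before running:
rem    - Run from an elevated (administrator) command prompt.
rem    - cacls has no undo. Record the current ACLs first, for example with
rem      icacls PATH /save FILE where icacls is available, and try the script
rem      on a non-production machine.
rem    - IIS_WPG is the IIS 6.0 worker-process group. IIS 7 and later use
rem      IIS_IUSRS instead, so the grant section must be adapted there.
rem    - cacls is deprecated on current Windows releases in favour of icacls.
rem    - Folders that do not exist on a given machine only produce a cacls
rem      error message; the script continues with the next line.
rem
rem  cacls switches used:  /e edit the existing ACL instead of replacing it
rem                        /r revoke the named account (valid only with /e)
rem                        /g grant account:permission (r = Read, c = Change)
rem ---------------------------------------------------------------------------

echo "Permission set"

echo "Remove everyone's permissions on C disk"
rem A bare drive such as C: means the current directory on that drive, so
rem move to the root of the system drive first. /d also switches drive when
rem the script is started from another volume (presumably the reason for the
rem original cd at this point).
cd /d "%systemdrive%\"
cacls "%systemdrive%" /e /r "Everyone"
cacls "%SystemRoot%" /e /r "Everyone"
cacls "%systemroot%\registration" /e /r "Everyone"
cacls "%systemdrive%\documents and Settings" /e /r "Everyone"

echo "Remove access rights for all users in C disk"
rem NOTE(review): removing Users from these folders can break software that
rem runs under ordinary accounts; verify every hosted application afterwards.
cd /d "%systemdrive%\"
cacls "%systemdrive%" /e /r "users"
cacls "%systemdrive%\program Files" /e /r "users"
cacls "%systemdrive%\documents and Settings" /e /r "users"
cacls "%SystemRoot%" /e /r "users"
cacls "%systemroot%\addins" /e /r "users"
cacls "%systemroot%\apppatch" /e /r "users"
cacls "%systemroot%\connection Wizard" /e /r "users"
cacls "%systemroot%\debug" /e /r "users"
cacls "%systemroot%\driver Cache" /e /r "users"
cacls "%systemroot%\help" /e /r "users"
cacls "%systemroot%\iis Temporary Compressed Files" /e /r "users"
cacls "%systemroot%\java" /e /r "users"
cacls "%systemroot%\msagent" /e /r "users"
cacls "%systemroot%\mui" /e /r "users"
cacls "%systemroot%\repair" /e /r "users"
cacls "%systemroot%\resources" /e /r "users"
cacls "%systemroot%\security" /e /r "users"
cacls "%systemroot%\system" /e /r "users"
cacls "%systemroot%\tapi" /e /r "users"
rem Users is granted Change on temp again by the last command of the script.
cacls "%systemroot%\temp" /e /r "users"
cacls "%systemroot%\twain_32" /e /r "users"
cacls "%systemroot%\web" /e /r "users"
cacls "%systemroot%\winsxs" /e /r "users"
cacls "%SYSTEMROOT%\SYSTEM32\3COM_DMI" /e /r "users"
cacls "%systemroot%\system32\administration" /e /r "users"
cacls "%systemroot%\system32\cache" /e /r "users"
cacls "%systemroot%\system32\catroot2" /e /r "users"
cacls "%systemroot%\system32\com" /e /r "users"
cacls "%systemroot%\system32\config" /e /r "users"
cacls "%SYSTEMROOT%\SYSTEM32\DHCP" /e /r "users"
cacls "%systemroot%\system32\drivers" /e /r "users"
cacls "%systemroot%\system32\export" /e /r "users"
cacls "%systemroot%\system32\icsxml" /e /r "users"
cacls "%systemroot%\system32\lls" /e /r "users"
cacls "%systemroot%\system32\logfiles" /e /r "users"
cacls "%systemroot%\system32\microsoftpassport" /e /r "users"
cacls "%systemroot%\system32\mui" /e /r "users"
cacls "%systemroot%\system32\oobe" /e /r "users"
cacls "%systemroot%\system32\shellext" /e /r "users"
cacls "%systemroot%\system32\wbem" /e /r "users"

echo "Add IIS_WPG access rights"
rem Read-only grants.
cacls "%SystemRoot%" /e /g iis_wpg:r
cacls "%systemdrive%\program files\common Files" /e /g iis_wpg:r
rem Change grants: c includes write access for every worker-process identity.
cacls "%systemroot%\downloaded program Files" /e /g iis_wpg:c
cacls "%systemroot%\help" /e /g iis_wpg:c
cacls "%systemroot%\iis Temporary compressed Files" /e /g iis_wpg:c
cacls "%systemroot%\offline Web Pages" /e /g iis_wpg:c
rem NOTE(review): Change on system32 lets code running inside a worker process
rem modify files there, which works against least privilege. Kept as published;
rem confirm it is really required and use r if the sites still work with it.
cacls "%systemroot%\system32" /e /g iis_wpg:c
cacls "%systemroot%\tasks" /e /g iis_wpg:c
cacls "%systemroot%\temp" /e /g iis_wpg:c
cacls "%systemroot%\web" /e /g iis_wpg:c

echo "Add IIS_WPG access rights [. NET private]"
rem Only relevant when ASP.NET is installed.
rem NOTE(review): Change on the assembly and microsoft.net folders is likewise
rem broader than Read; confirm it is required before keeping it.
cacls "%systemroot%\assembly" /e /g iis_wpg:c
cacls "%systemroot%\microsoft.net" /e /g iis_wpg:c

echo "Add IIS_WPG access rights [MacFee software exclusive]"
rem Only relevant when the Network Associates folder exists on the server.
cacls "%systemdrive%\program files\network Associates" /e /g iis_wpg:r

echo "Add access rights for users"
rem Net effect for temp: the inherited Users ACE is gone and an explicit
rem Change ACE is present.
cacls "%systemroot%\temp" /e /g users:c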