You can read, write, copy, delete, and rename any files on the server's hard disk (of course, this is done under the default Windows NT/2000 ). However, if this component is disabled, all ASP nodes that use this component cannot run and cannot meet customers' requirements.
How can we allow the FileSystemObject component without affecting the security of the server (that is, users on different virtual hosts cannot use this component to read or write files from other users? Here is a method I have obtained in my experiment. The following section uses Windows 2000 Server as an example.
Open the resource manager on the server, right-click the drive letter of each hard disk partition or volume, select "properties" in the pop-up menu, and select the "Security" tab, now you can see which accounts can access this partition (volume) and access permissions. After the default installation, "everyone" has full control permissions. Click "add" to add "Administrators", "Backup Operators", "Power Users", and "users" groups, and grant "Full Control" or corresponding permissions, note: do not grant the "guests" group or "IUSR _ machine name" account any permissions. Then, remove the "everyone" group from the list. In this way, only authorized groups and users can access the hard disk partition. When ASP is executed, access the hard disk as "IUSR _ machine name". asp cannot read or write files on the hard disk because the user account is not authorized.
The following is to set a separate user account for each VM user, and then assign each account a directory that allows its full control.
As shown in, choose "Computer Management"> "local users and groups"> "users", right-click on the right bar, and select "new user" in the pop-up menu ":
In the pop-up "new user" dialog box, enter "User Name", "Full name", "Description", "password", and "Confirm Password" as needed ", remove the check box before "the user must change the password upon next login", and select "the user cannot change the password" and "the password will never expire ". In this example, create an anonymous built-in account "iusr_vhost1" for the first VM user, that is, when all clients use http://xxx.xxx.xxxx/to access this Vm, they are all accessed in this identity. After entering the information, click "CREATE. You can create multiple users as needed. Click "close" after creation ":
Now the newly created user has appeared in the account list. Double-click the account in the list for further settings:
In the pop-up "iusr_vhost1" (that is, the new account you just created) attribute dialog box, click the "affiliated" tab:
The created account belongs to the "users" group by default. Select this group and click "delete ":
As shown in, click "add" again ":