Windows 2003 Server permissions: detailed configuration scenario (page 1 of 9)

Source: Internet
Author: User

1. Server security settings: hard disk permissions

This chapter focuses on the required permissions, that is, the permissions each folder or hard disk should finally have. Set this way, they defend against all kinds of Trojan intrusion, privilege escalation attacks and cross-site attacks. This example has been tested many times and its security is very good; the server basically no longer has to fear the Trojan threat.

Hard disk or folder: C:\, D:\, E:\, F:\ and so on

Main permissions:
    Administrators: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
    CREATOR OWNER: Full Control. Applies to: subfolders and files only. <not inherited>
    SYSTEM: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
Other permissions: none

Note: If another runtime environment such as PHP is installed, set the hard disk permissions according to that environment's requirements. Generally it is enough to give Users read and execute permission on the installation directory, such as c:\php: with permissions inherited from the root directory, add read and execute permission for Users. For folders that need to write data, such as the tmp folder, add write and delete permission for Users but not execute permission, and then deny read permission to the virtual host users. For MySQL, it is safer to run MySQL under an independent user, as described below. For WinWebMail, it is best to create a separate application pool and a separate IIS user, give Users read/execute/write permissions on the entire installation directory, and give the IIS user the same. This IIS user is used only for WinWebMail web access; other IIS sites should not use it. For an example, see the hard disk permission settings after installing the WinWebMail server.

Hard disk or folder: C:\Inetpub\

Main permissions:
    Administrators: Full Control. Applies to: this folder, subfolders, and files. <inherited from C:\>
    CREATOR OWNER: Full Control. Applies to: subfolders and files only. <inherited from C:\>
    SYSTEM: Full Control. Applies to: this folder, subfolders, and files. <inherited from C:\>
Other permissions: none

Hard disk or folder: C:\Inetpub\AdminScripts

Main permissions:
    Administrators: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
    SYSTEM: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
Other permissions: none

Hard disk or folder: C:\Inetpub\wwwroot

Main permissions:
    Administrators: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
    SYSTEM: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
Other permissions:
    IIS_WPG: Read & Execute / List Folder Contents / Read. Applies to: this folder, subfolders, and files. <not inherited>
    Users: Read & Execute / List Folder Contents / Read. Applies to: this folder, subfolders, and files. <not inherited>
    Internet Guest Account, deny permissions. Applies to: this folder, subfolders, and files. <not inherited>
        Create Files / Write Data: Deny
        Create Folders / Append Data: Deny
        Write Attributes: Deny
        Write Extended Attributes: Deny
        Delete Subfolders and Files: Deny
        Delete: Deny

Note: The virtual host user group can be added here, with the same deny permissions as the Internet Guest Account.

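An added example, not part of the original article: a PowerShell check of an ACL against the C:\Inetpub\wwwroot entries above, run here on an ACL built in memory. The function names, the placeholder guest-account SID and the use of well-known SIDs for Administrators, SYSTEM and Users are assumptions of this example.

```powershell
# Added example: check an ACL against the C:\Inetpub\wwwroot entries above.
# The six rights the page denies to the Internet Guest Account:
$WriteRights = [System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories, WriteAttributes, WriteExtendedAttributes, DeleteSubdirectoriesAndFiles, Delete'

function Test-WebRootAcl {
    param([System.Security.AccessControl.DirectorySecurity]$Acl,
          [string[]]$AdminSids,   # SIDs that may hold write access
          [string]$GuestSid)      # SID of the Internet Guest Account
    $findings = @()
    if (-not $Acl.AreAccessRulesProtected) { $findings += 'ACL inherits from its parent' }
    $denied = 0
    foreach ($r in $Acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        $sid = $r.IdentityReference.Value
        if ($r.AccessControlType -eq 'Allow' -and $AdminSids -notcontains $sid -and
            ([int]$r.FileSystemRights -band [int]$WriteRights)) {
            $findings += "write or delete right allowed to $sid"
        }
        # Count a deny entry only if it covers this folder, subfolders and files.
        if ($r.AccessControlType -eq 'Deny' -and $sid -eq $GuestSid -and
            $r.InheritanceFlags -eq 'ContainerInherit, ObjectInherit' -and
            $r.PropagationFlags -eq 'None') {
            $denied = $denied -bor [int]$r.FileSystemRights
        }
    }
    if (($denied -band [int]$WriteRights) -ne [int]$WriteRights) {
        $findings += 'guest account is not denied all six write/delete rights'
    }
    $findings
}

function New-Rule($Sid, $Rights, $Type) {   # entry for this folder, subfolders and files
    $id = New-Object System.Security.Principal.SecurityIdentifier $Sid
    New-Object System.Security.AccessControl.FileSystemAccessRule($id, $Rights, 'ContainerInherit, ObjectInherit', 'None', $Type)
}

# Constructed sample: the page's wwwroot ACL built in memory (no disk access).
$guest  = 'S-1-5-21-1111111111-2222222222-3333333333-1001'   # placeholder SID, not a real account
$admins = 'S-1-5-32-544', 'S-1-5-18'                         # Administrators, SYSTEM
$acl = New-Object System.Security.AccessControl.DirectorySecurity
$acl.SetAccessRuleProtection($true, $false)                  # "not inherited"
$acl.AddAccessRule((New-Rule 'S-1-5-32-544' 'FullControl' 'Allow'))
$acl.AddAccessRule((New-Rule 'S-1-5-18' 'FullControl' 'Allow'))
$acl.AddAccessRule((New-Rule 'S-1-5-32-545' 'ReadAndExecute' 'Allow'))   # Users
$acl.AddAccessRule((New-Rule $guest $WriteRights 'Deny'))
Test-WebRootAcl $acl $admins $guest
# Weak variant: Users additionally granted Modify.
$acl.AddAccessRule((New-Rule 'S-1-5-32-545' 'Modify' 'Allow'))
Test-WebRootAcl $acl $admins $guest
```

To audit a live folder, pass (Get-Acl C:\Inetpub\wwwroot) as the first argument together with the SID of that machine's Internet Guest Account.
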
Hard disk or folder: C:\Inetpub\wwwroot\aspnet_client

Main permissions:
    Administrators: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
    SYSTEM: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
Other permissions:
    Users: Read. Applies to: this folder, subfolders, and files. <not inherited>

Hard disk or folder: C:\Documents and Settings

Main permissions:
    Administrators: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
    SYSTEM: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
Other permissions: none

Hard disk or folder: C:\Documents and Settings\All Users

Main permissions:
    Administrators: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
    SYSTEM: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
Other permissions:
    Users: Read & Execute. Applies to: this folder, subfolders, and files. <not inherited>

Note: The Users group's permissions are limited to read and execute only. Never add write permission.

Hard disk or folder: C:\Documents and Settings\All users\Start Menu

Main permissions:
    Administrators: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
    SYSTEM: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
Other permissions: none

Hard disk or folder: C:\Documents and Settings\All Users\Application Data

Main permissions:
    Administrators: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
    CREATOR OWNER: Full Control. Applies to: subfolders and files only. <not inherited>
    SYSTEM: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
Other permissions:
    Users: Read & Execute. Applies to: this folder, subfolders, and files. <not inherited>
    Users: Write. Applies to: this folder and subfolders. <not inherited>

Note: These are two parallel permissions for the same user group, and they need to be listed as separate entries.

Hard disk or folder: C:\Documents and Settings\All Users\Application Data\Microsoft

Main permissions:
    Administrators: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
    SYSTEM: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
Other permissions:
    Users: Read & Execute. Applies to: this folder, subfolders, and files. <not inherited>

Note: This folder contains Microsoft application state data.

Hard disk or folder: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

Main permissions:
    Administrators: Full Control. Applies to: this folder only. <not inherited>
Other permissions:
    Everyone: List Folder, Read Attributes, Read Extended Attributes, Create Files, Create Folders, Write Attributes, Write Extended Attributes, Read Permissions. Applies to: this folder only. <not inherited>

Note: Everyone has only read and write permissions here, with no execute or delete permission, and only on this folder.

Hard disk or folder: C:\Documents and Settings\All Users\Application Data\microsoft\crypto\dss\machinekeys

Main permissions:
    Administrators: Full Control. Applies to: this folder only. <not inherited>
Other permissions:
    Everyone: List Folder, Read Attributes, Read Extended Attributes, Create Files, Create Folders, Write Attributes, Write Extended Attributes, Read Permissions. Applies to: this folder only. <not inherited>

Note: Everyone has only read and write permissions here, with no execute or delete permission, and only on this folder.

Hard disk or folder: C:\Documents and Settings\All Users\Application Data\microsoft\html Help

Main permissions:
    Administrators: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
    SYSTEM: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
Other permissions:
    Users: Read & Execute. Applies to: this folder, subfolders, and files. <not inherited>

Hard disk or folder: C:\Documents and Settings\All Users\Application Data\microsoft\network\connections\cm

Main permissions:
    Administrators: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
    SYSTEM: Full Control. Applies to: this folder, subfolders, and files. <not inherited>
Other permissions:
    Everyone: Read & Execute. Applies to: this folder, subfolders, and files. <not inherited>

Note: Everyone has only read and execute permissions here.
