Windows Server 2003 FSO Security Settings Guide

Source: Internet
Author: User
Keywords Delete server can

The

FSO (http://www.aliyun.com/zixun/aggregation/19352.html ">filesystemobject") is a Microsoft ASP's control of file manipulation that can read the server , new, modified, deleted directories, and file operations. is a very useful control in ASP programming. However, because of the issue of permissions control, many virtual host Server FSO has become a public backdoor of this server, because customers can be in their own ASP Web page directly to the control program, thus controlling the server or even delete files on the server. So many of the industry's virtual hosting providers simply shut down the control, giving customers a lot less flexibility.

The FSO refers to the file system object, and the English word is the filename. FSO is an ASP program in the operation of a file control, programmatically, you can through the control of the server to read, new, modify, delete directories and file operations. It is a very useful control in ASP programming, but you can think about, in a server there are many virtual users, if a user use FSO to delete other people's files, it is not a mess, so based on security considerations, many of the virtual host service providers simply turned off the control, but turn off this control, Some households want to use ASP to generate files and become impossible, so if the FSO shut down will make customers very inconvenient. So when you buy a virtual host, be sure to see your server has not turned off FSO permissions, with the FSO, we can manipulate the computer file system, here is located on the Web server. So, make sure you have the right permissions for this. Ideally, you can set up a Web server on your own machine so that you can easily test it. If you are running on the Windows platform, if you are not familiar with the FSO, try Microsoft's free personal Web server PWS, or Windows2000 Iisfso model object Drive object: Drive objects For access to disk or network drive FileSystemObject object: File system objects for accessing the computer's File system Folder object: Folders objects for accessing all properties of a folder TextStream object: Text stream object for access to file contents You can use the object above to do anything on the computer, including sabotage;-( Therefore, please use the FSO carefully. In a Web environment, storing information is important, such as user information, log files, and so on. The FSO provides a powerful and easy way to save data efficiently. In this article, we focus on FileSystemObject and TextStream objects.

ASP provides a powerful access to the file system, you can read, write, copy, delete, rename and so on any file on the server hard disk, which poses a great threat to the safety of the school website. Now many campus hosts have been subjected to the FSO Trojan intrusion. But after disabling the FSO component, the result is that all ASP programs that utilize this component will not be able to run and meet the needs of the customer. How can you allow both the FileSystemObject component and the security of the server (that is, you cannot use this component to read and write to other people's files)? The following is the experience of the author for many years:

The first step is different from the Windows 2000 settings key: Right-click C disk, click "Sharing and Security", in the dialog box, select the "Security" tab, the Everyone, Users group Delete, delete if your site even ASP program can not run, please add Iis_ WPG Group (Figure 1) and restart the computer.

After this design, FSO Trojan can no longer run. If you are setting up a more secure level, set up each partition separately and set different anonymous access users for each site. Here is an example to introduce (suppose your host on e disk ABC folder under the ABC.com site):

1. Open "Computer Management → Local Users and groups → users", create an ABC user, set a password, and remove the check mark before "User must change password at next logon", select "User Cannot Change password" and "Password Never Expires", and set the user to belong to guests group.

2. Right-click E:abc, select the properties → security tab, and you can see that the default security setting for this folder is everyone's Full control (depending on what is displayed differently), remove everyone's full control (if you can't delete it, click the Scales Advanced button), and then " Allow inheritable permissions on the parent to propagate "the front check is removed and all is removed, adding administrators and ABC users all security permissions to the directory on this site."

3. Open IIS Manager, right-click abc.com host name, in the pop-up menu, select the "Properties → directory Security" tab, click on authentication and access control [edit], pop-up Figure 2 dialog box, anonymous Access user default is "IUSR_ Machine name", click [Browse], in the "Select User" In the dialog box, locate the ABC account you created earlier, and then repeat the password after you confirm it.
This setting allows users visiting the site to access the E:abc folder's site anonymously as an ABC account, because the ABC account only has security permissions on the folder, so he can only use the FSO under this folder.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.