"omar koudsi" <omark@jeeran.com> wrote in message
news:27eadc6c.0402282016.345e1b7c@posting.google.com...

"David Wang [Msft]" <someone@online.microsoft.com> wrote in message news:<#HU6nap$DHA.2180@TK2MSFTNGP09.phx.gbl>...
> It is not possible to declaratively "disable" arbitrary objects on a per
> site basis.
>
> However, I can think of a hack which may work for you, using filesystem
> ACLs. Basically, you set up the websites that have FileSystemObject
> disabled to always execute with a certain user identity (for completeness, I
> would lock both the Process Identity as well as user identity to this user
> so that people don't hop around it with RevertToSelf() ) and then physically
> ACL the file implementing Scripting.FileSystemObject to deny access to that
> user. Doing this does not affect the access of anything else that needs
> FSO -- only the FSO attempts from those specific websites.
>
> This hack won't work if you cannot control the user identity of your users,
> but I suspect you should have this under control if you are a hoster.
>
> So, what you would do is:
> 1. Create an AppPool with a custom user identity of DeniedFSOUser
> 2. Set all websites to use this AppPool if you wish to deny them FSO access
> 3. Set anonymous user identity to be DeniedFSOUser for all websites in #2
> 4. Set Deny Read/Execute ACL on the file implementing FSO (mine says
> scrrun.dll) for DeniedFSOUser
> 5. If these websites have authentication, you may need to add those users as
> well to the Deny Read/Execute ACL (or use a group for this)
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no rights.
> //
> "omar koudsi" <omark@jeeran.com> wrote in message
> news:27eadc6c.0402282016.345e1b7c@posting.google.com...
> Win2k3/IIS6
>
> I would like to disable the file system object for some of the sites
> that im hosting on my server for security reasons, so this shouldnt be
> a server wide solution.
>