
IIS security: Limit some users?


Joker7
10/2/2005 12:00:00 AM
Hi,
I'm using IIS with Windows 2000 Pro and SP4.

All is working fine but I have one small problem. I have set up some
password-protected directories (web pages) which users can log in to from the web site.

What I need to do is not let all users log in to all directories (web
pages). I need to limit some users to only some directories (web pages). Can I
do this, and how?

Cheers
Chris

Miha Pihler [MVP]
10/2/2005 12:00:00 AM
Hi,

One way to do this would be to apply NTFS permissions on the web content. Of
course you would have to remove permissions such as Authenticated Users
Group, IUSR_<Computer Name>, etc. Then place the users (or your own groups)
and allow these users only read permissions.

Users who will not have read permissions will be denied access.

IIS will always honor NTFS permissions...

I hope this helps,

--
Mike
Microsoft MVP - Windows Security

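Here is what Mike's advice looks like as a script, added for this page (it is not code from the thread): it refuses to proceed on a non-NTFS volume, cuts inheritance on the protected folder so Authenticated Users and IUSR_<Computer Name> lose access, grants one group read access, and reads the ACL back to check. It assumes a current Windows PowerShell run as an administrator on the web server; the folder path and the FamilyWeb group are placeholders. On the Windows 2000 machine in the thread the same entries are set by hand on the folder's Security tab.

```powershell
# Added example, not code from the thread: restrict one password-protected IIS
# content folder with NTFS permissions so only one Windows group can read it.
# Placeholders (assumptions): the folder path and the local group name.
$ContentPath  = 'C:\Inetpub\wwwroot\family'     # placeholder protected folder
$AllowedGroup = "$env:COMPUTERNAME\FamilyWeb"    # placeholder local group of allowed logins

# NTFS permissions only exist on NTFS; on FAT32 there is nothing to set, so stop.
$drive = (Get-Item -Path $ContentPath).PSDrive.Name + ':'
$fs = (Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$drive'").FileSystem
if ($fs -ne 'NTFS') { throw "$ContentPath sits on a $fs volume; convert it to NTFS first." }

$acl = Get-Acl -Path $ContentPath
# Cut inheritance from wwwroot without copying the inherited entries, so the
# Authenticated Users / Users entries that let every login read it disappear.
$acl.SetAccessRuleProtection($true, $false)
# Drop any explicit entries too (for example IUSR_<Computer Name> added by hand).
foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }

$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$allow     = [System.Security.AccessControl.AccessControlType]::Allow
# Administrators and SYSTEM keep full control so the files can still be managed;
# the allowed group gets read/execute only, which is all IIS needs to serve pages.
$rules = @(
    New-Object System.Security.AccessControl.FileSystemAccessRule('BUILTIN\Administrators', 'FullControl', $inherit, $propagate, $allow)
    New-Object System.Security.AccessControl.FileSystemAccessRule('NT AUTHORITY\SYSTEM', 'FullControl', $inherit, $propagate, $allow)
    New-Object System.Security.AccessControl.FileSystemAccessRule($AllowedGroup, 'ReadAndExecute', $inherit, $propagate, $allow)
)
foreach ($rule in $rules) { $acl.AddAccessRule($rule) }
Set-Acl -Path $ContentPath -AclObject $acl

# Verify: re-read the ACL from disk and flag any identity that should not be there.
$expected = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', $AllowedGroup)
$actual = (Get-Acl -Path $ContentPath).Access |
    Select-Object -ExpandProperty IdentityReference | ForEach-Object { $_.Value }
$unexpected = $actual | Where-Object { $expected -notcontains $_ }
if ($unexpected) { Write-Warning "Still granted access: $($unexpected -join ', ')" }
else { Write-Host "$ContentPath is readable only by $AllowedGroup (plus Administrators/SYSTEM)." }
```

Anonymous access must also be switched off for that directory in the IIS console, so that visitors authenticate with their own account and IIS checks the folder ACL against that account rather than the anonymous one.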

Joker7
10/2/2005 5:26:05 PM


I forgot to say that the drive is FAT32 and not NTFS.

Cheers
Chris

David Wang [Msft]
10/2/2005 7:19:34 PM
Do NOT run IIS on a FAT32 partition. You are just asking for trouble because
you have no security in that configuration. Running custom authentication
will eventually cause you more problems than it is worth - suppose you want
a Web hoster to host your website; they probably won't run your custom
authentication (they do not like running arbitrary binaries on their servers
because they have to protect themselves against both you and this binary),
so you probably have to rewrite it all.

I suggest you only allow IIS to serve content from an NTFS partition.

I also suggest you stick with a web hoster to host your site and only do
website development on your machine.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

Joker7
10/4/2005 12:00:00 AM

Hi,
I'm a simple man with simple goals in life, so could you explain yourself in
simple terms. I'm not a computer whiz that would understand all the tech
talk.

Quote

: You are just asking for trouble because
: you have no security in that configuration. Running custom authentication
: will eventually cause you more problems than it is worth

I only run my server for fun and a couple of friends and family visit it. So
how should I go about making it more secure?

Chris

Miha Pihler [MVP]
10/4/2005 12:00:00 AM
First step would be to use NTFS instead of FAT32.

Here is more information on how to secure your IIS server:

Internet Information Services (IIS)
http://www.microsoft.com/technet/security/prodtech/IIS.mspx

--
Mike
Microsoft MVP - Windows Security



David Wang [Msft]
10/4/2005 2:05:19 PM
Then the simple way would be to find a Web Hoster and have them host your
website. No complexities of hosting and securing a server, friends/family
can still visit the website, and you have control of its content.

Reality is, as soon as you put a server up, the entire world will visit it,
including your family. Most of the non-family members will likely visit with
malicious intent, and if you do not become a whiz they will walk all over
you.


When you talk about Computers and Security, it is like talking about Cars
and Safety. It is constantly changing and improving. And when you say:

: I only run my server for fun and a couple of friends and family visit it. So
: how should I go about making it more secure?

It is analogous to saying:
"I only drive my car for fun for a couple of friends and family, so how
should I go about making it more safe?"

In the case of the car, you would buy the car with the safety features and
use them. You wouldn't try to assemble it together. In the case of the
server, where you have all the pieces, you either need to know how to
assemble it properly, or you buy the end product of someone else who has it
together.

And since you say you are a simple man with simple goals and not a computer
whiz nor understand all the tech talk, I suggest you go with professional
Web Hosters like 1and1.com

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

