运行IIS的最小NTFS权限

  本文介绍了正常运行IIS所需要的最小NTFS权限,当IIS不能正常运行或者想严格限制权限的时候可以参照此文,以下是操作的7个步骤。
1、 选取整个硬盘:
System:完全控制
Administrator:完全控制
(允许将来自父系的可继承性权限传播给对象)
2、 \Program Files\Common Files:
Everyone:读取及运行
列出文件目录
读取
(允许将来自父系的可继承性权限传播给对象)
3、 \Inetpub\wwwroot:(按FSO处理)
IUSR_MACHINE:读取及运行
列出文件目录
读取
(允许将来自父系的可继承性权限传播给对象)
4、 \Winnt\system32:
选择除Inetsrv和Centsrv以外的所有目录,去除"允许将来自父系的可继承性权限传播给对象"选框,复制。
5、 \Winnt:
选择除了Downloaded Program Files、Help、IIS Temporary Compressed Files、Offline Web Pages、system32、Tasks、Temp、Web以外的所有目录,去除"允许将来自父系的可继承性权限传播给对象"选框,复制。
6、 \Winnt:
Everyone:读取及运行
列出文件目录
读取
(允许将来自父系的可继承性权限传播给对象)
7、 \Winnt\Temp:(允许访问数据库并显示在ASP页面上)
Everyone:修改
(允许将来自父系的可继承性权限传播给对象)
这样,你就拥有了一个权限严格而又可以正常运行的IIS系统
WIN2003 IIS最小权限分配的批处理文件
echo "删除C盘的everyone的权限" 
cd/ 
cacls "%SystemDrive%" /r "everyone" /e 
cacls "%SystemRoot%" /r "everyone" /e 
cacls "%SystemRoot%/Registration" /r "everyone" /e 
cacls "%SystemDrive%/Documents and Settings" /r "everyone" /e 
echo "删除C盘的所有的users的访问权限" 
cd/ 
cacls "%SystemDrive%" /r "users" /e 
cacls "%SystemDrive%/Program Files" /r "users" /e 
cacls "%SystemDrive%/Documents and Settings" /r "users" /e 
cacls "%SystemRoot%" /r "users" /e 
cacls "%SystemRoot%/addins" /r "users" /e 
cacls "%SystemRoot%/AppPatch" /r "users" /e 
cacls "%SystemRoot%/Connection Wizard" /r "users" /e 
cacls "%SystemRoot%/Debug" /r "users" /e 
cacls "%SystemRoot%/Driver Cache" /r "users" /e 
cacls "%SystemRoot%/Help" /r "users" /e 
cacls "%SystemRoot%/IIS Temporary Compressed Files" /r "users" /e 
cacls "%SystemRoot%/java" /r "users" /e 
cacls "%SystemRoot%/msagent" /r "users" /e 
cacls "%SystemRoot%/mui" /r "users" /e 
cacls "%SystemRoot%/repair" /r "users" /e 
cacls "%SystemRoot%/Resources" /r "users" /e 
cacls "%SystemRoot%/security" /r "users" /e 
cacls "%SystemRoot%/system" /r "users" /e 
cacls "%SystemRoot%/TAPI" /r "users" /e 
cacls "%SystemRoot%/Temp" /r "users" /e 
cacls "%SystemRoot%/twain_32" /r "users" /e 
cacls "%SystemRoot%/Web" /r "users" /e 
cacls "%SystemRoot%/WinSxS" /r "users" /e 
cacls "%SystemRoot%/system32/3com_dmi" /r "users" /e 
cacls "%SystemRoot%/system32/administration" /r "users" /e 
cacls "%SystemRoot%/system32/Cache" /r "users" /e 
cacls "%SystemRoot%/system32/CatRoot2" /r "users" /e 
cacls "%SystemRoot%/system32/Com" /r "users" /e 
cacls "%SystemRoot%/system32/config" /r "users" /e 
cacls "%SystemRoot%/system32/dhcp" /r "users" /e 
cacls "%SystemRoot%/system32/drivers" /r "users" /e 
cacls "%SystemRoot%/system32/export" /r "users" /e 
cacls "%SystemRoot%/system32/icsxml" /r "users" /e 
cacls "%SystemRoot%/system32/lls" /r "users" /e 
cacls "%SystemRoot%/system32/LogFiles" /r "users" /e 
cacls "%SystemRoot%/system32/MicrosoftPassport" /r "users" /e 
cacls "%SystemRoot%/system32/mui" /r "users" /e 
cacls "%SystemRoot%/system32/oobe" /r "users" /e 
cacls "%SystemRoot%/system32/ShellExt" /r "users" /e 
cacls "%SystemRoot%/system32/wbem" /r "users" /e 
echo "添加iis_wpg的访问权限" 
cacls "%SystemRoot%" /g iis_wpg:r /e 
cacls "%SystemDrive%/Program Files/Common Files" /g iis_wpg:r /e 
cacls "%SystemRoot%/Downloaded Program Files" /g iis_wpg:c /e 
cacls "%SystemRoot%/Help" /g iis_wpg:c /e 
cacls "%SystemRoot%/IIS Temporary Compressed Files" /g iis_wpg:c /e 
cacls "%SystemRoot%/Offline Web Pages" /g iis_wpg:c /e 
cacls "%SystemRoot%/System32" /g iis_wpg:c /e 
cacls "%SystemRoot%/Tasks" /g iis_wpg:c /e 
cacls "%SystemRoot%/Temp" /g iis_wpg:c /e 
cacls "%SystemRoot%/Web" /g iis_wpg:c /e
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值