Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IIS6 - System Drive permisisons 1

Status
Not open for further replies.
a6m1n0

a6m1n0

Programmer
Joined
Mar 7, 2005
Messages
233
Location
US
I have a windows 2003 server with IIS6 which I am trying to setup for shared hosting. I have this configuration:

C: system
D: webapps that are protected with NTLM permissions
E: inetpub

C: has default permissions except my removal of Everyone.
D: AdminGroup, Admin, Creator, System, and some special service users.
E: same as above, but IUSR has some permissions in
There is a script thats been floating around on some of my peers servers called webadmin.php. With this file and default permissions on my C: drive, I am able to jump root and view/download (almost) anything in C:\ as IUSR.

I have not ran the lock down configuration tool yet as I am still setting up this server for shared hosting and would like to do most of this manually (is good experience) before running the lockdown tool. I do not think I can just outright *deny* IUSR from C:, or can I? What would be the appropiate permissions to apply to C: to secure it against the user 'jumping root' and browsing C:?

Any input is appreciated. I am a little rusty with server's so take it easy on me. :)

Thanks

-a6m1n0

Curiosity only kills cats.
 
Sort by date Sort by votes
C: has default permissions except my removal of Everyone.
Click to expand...

What permissions exactly do you have on the root? You should only have Administrators and System, nothing else.

Hope this helps


Wullie

Fresh Look - Quality Coldfusion 7/Windows Hosting
YetiHost - Coming Soon

The pessimist complains about the wind. The optimist expects it to change. The leader adjusts the sails. - John Maxwell
 
Upvote 0 Downvote
Administrators = Full Control (Default perms)
System = Full Control (Default perms)
Creator Owner = Special (Default perms)
Users = Read/List/Read&Execute ? These were set, but I have deleted them. Were these permissions set when I installed IIS or were they installed when 2003 was installed? Odd. They are not defult perms.

I also moved system temp to F:\TEMP, and added the special permissions for User/Network Service, and updated the Enviroment Variables.

Are there any other files in C: that have special perms for Users Group? What is standard procedure for auditing permissions on Windows Servers?

Sorry for all the questions...if I need to start a new topic just say the word.

Thanks Wullie.

-a6m1n0

Curiosity only kills cats.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

techbrain1
  • Question Question
Explorer Error the operating system is not compatible with this product
Replies
0
Views
257
techbrain1
techbrain1
microsGuy16
  • Locked
  • Question Question
Can not copy files to Mapped drive
Replies
0
Views
971
microsGuy16
microsGuy16
ADB100
  • Locked
  • Question Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
605
technome
technome
excoach
  • Locked
  • Question Question
map network drive to only show certain folders
Replies
3
Views
402
MakeItSo
MakeItSo
bazil2
  • Locked
  • Question Question
System volume drive C full - need to extend - can you recommend a suitable software solution?
Replies
2
Views
376
markdmac
markdmac

Part and Inventory Search

Sponsor

Back
Top