root security permissions for a web server

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I noticed that the root security permissions by default are set for the group
"Everyone" to have full control. I am using Windows Server 2000 to run a web
server, and I believe the default root security permissions are very
dangerous in this case. Can anyone suggest a useful and secure
configuration of the root security permissions for me, or an article which
talks about such specifically in reference to a web server? I plan on using
the web space for personal web pages, as well as phpBB and a php portal.
 
I noticed that the root security permissions by default are set for the group
"Everyone" to have full control. I am using Windows Server 2000 to run a web
server, and I believe the default root security permissions are very
dangerous in this case. Can anyone suggest a useful and secure
configuration of the root security permissions for me, or an article which
talks about such specifically in reference to a web server? I plan on using
the web space for personal web pages, as well as phpBB and a php portal.
Click to expand...

See:

How to set required NTFS permissions and user rights for an IIS 5.0
Web server:
http://support.microsoft.com/default.aspx?scid=kb;en-us;271071

Jeff
 
In addition to Jeff's advice be sure to consider running the IISLockdown/URLscan tool
on your web server. Be sure to backup your computer, including the System State and
IIS configuration. IISLockdown tool can be rerun to reverse changes if it locks down
too tight the first time but still a good idea to have a backup. The links below
explain more. --- Steve

http://www.microsoft.com/windows2000/downloads/recommended/iislockdown/default.asp
http://support.microsoft.com/default.aspx?scid=kb;EN-US;325864
 
Back
Top