Re: NTFS permissions

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Bojidar Alexandrov (bojo_at_kodar.net)
Date: 05/09/04

Next message: Painless: "Re: My IIS server is not working correctly anymore"
Previous message: Alan Garny: "Re: IIS - SMTP - CDONTS"
In reply to: Kim Lots: "Re: NTFS permissions"
Messages sorted by: [ date ] [ thread ]

Date: Sun, 9 May 2004 14:12:26 +0300

I have'nt run LockDown but I think that it does not modify folder
permissions - only enabled services....
Mine premissions of Default Web site probbaly are not default ones.
Generally you need that IUser_xxx have read permissions and Administrators
(or FPE Authors have full permissions) here they are but have in mind
probbaly they are not optimal ones.

C:\Inetpub>cacls wwwroot

C:\Inetpub\wwwroot BOJO\Web Applications:(OI)(CI)(DENY)(special access:)
                                                 DELETE
                                                 WRITE_DAC
                                                 WRITE_OWNER
                                                 FILE_WRITE_DATA
                                                 FILE_APPEND_DATA
                                                 FILE_WRITE_EA
                                                 FILE_DELETE_CHILD
                                                 FILE_WRITE_ATTRIBUTES

                   BOJO\Web Anonymous Users:(OI)(CI)(DENY)(special access:)
                                                    DELETE
                                                    WRITE_DAC
                                                    WRITE_OWNER
                                                    FILE_WRITE_DATA
                                                    FILE_APPEND_DATA
                                                    FILE_WRITE_EA
                                                    FILE_DELETE_CHILD
                                                    FILE_WRITE_ATTRIBUTES

                   Everyone:(OI)(CI)R
                   NT AUTHORITY\SYSTEM:(OI)(IO)F
                   NT AUTHORITY\SYSTEM:(CI)F
                   BUILTIN\Administrators:(OI)(IO)F
                   BUILTIN\Administrators:(CI)F

Bojidar Alexandrov

"Kim Lots" <nomail@forme.com> wrote in message
news:clsr90h71firapldeg06ttko9p9pelgj57@4ax.com...
> Hi
>
> Thanks a lot!
>
> Have you run the LockDown tool on your server and if you have the time
> also your settings for the Inetpub\wwwroot becourse this would be the
> same for all Virtual Directories, I think! Thanks
>
>
>
>
> On Sun, 9 May 2004 11:48:48 +0300, "Bojidar Alexandrov"
> <bojo@kodar.net> wrote:
>
> >Mine are these and I think that they are default ones
> >
> >C:\WINNT\system32>cacls inetsrv
> >C:\WINNT\system32\inetsrv BUILTIN\Users:R
> > BUILTIN\Users:(OI)(CI)(IO)(special access:)
> > GENERIC_READ
> > GENERIC_EXECUTE
> >
> > BUILTIN\Power Users:C
> > BUILTIN\Power Users:(OI)(CI)(IO)C
> > BUILTIN\Administrators:F
> > BUILTIN\Administrators:(OI)(CI)(IO)F
> > NT AUTHORITY\SYSTEM:F
> > NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
> > CREATOR OWNER:(OI)(CI)(IO)F
> >
>

Next message: Painless: "Re: My IIS server is not working correctly anymore"
Previous message: Alan Garny: "Re: IIS - SMTP - CDONTS"
In reply to: Kim Lots: "Re: NTFS permissions"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: lockdown tool - write permissions IUSR
... If you select restrict write option when you run the lockdown ... prompt to list users permissions. ... > on a web server with several hundreds of webs, i need to run the lockdown ... > i know that lockdown tool is preventing IUSR from writing to folders ...
(microsoft.public.inetserver.iis.security)
Re: IIS Lockdown Wizard version 2.1
... then you shouldn't install. ... the lockdown help you to configure relevant permissions. ... > intranet servers this server is asp, ...
(microsoft.public.inetserver.iis.security)
ACL Restrictions
... I'm trying to lockdown the permissions on a Windows 2000 IIS server as much ...
(microsoft.public.inetserver.iis.security)
Re: share premission errors
... There are no Deny premissions set anywhere on the server ... | the appropriate permissions to access the item." ... | unc path from another computer. ... I am logging in as the domain admin. ...
(microsoft.public.security)
2000 -> 2003 system replication messages via smarthost
... The problem is that 2000->2003 system replication ... rejected by 2003 with NDR 5.7.1 You do not have ... premissions to sent to this recipient. ... the question is which permissions and where should I ...
(microsoft.public.exchange.connectivity)