Default permissions and user rights for IIS 6.0
2008-07-04 14:06
387 查看
INTRODUCTION
loadTOCNode(1, 'summary');This article describes the default permissions and the user rights on a newly installed application server that has Internet Information Services (IIS) 6.0 installed.
Back to the top
MORE INFORMATION
loadTOCNode(1, 'moreinformation');The following tables document the NTFS file system permissions, registry permissions, and Microsoft Windows user rights. This information applies if Microsoft ASP.NET is included as part of the installation suite. This article focuses on the World Wide Web Publishing Service and does not consider other components, such as the File Transfer Protocol (FTP) service, the Simple Mail Transfer Protocol (SMTP) service, and Microsoft FrontPage Server Extensions (FPSE).
Note For the purposes of this document, the IUSR_MachineName account is used interchangeably with a configured anonymous account.
Back to the top
NTFS permissions
loadTOCNode(2, 'moreinformation');Directory | Users\Groups | Permissions |
%windir%\help\iishelp\common | Administrators | Full control |
%windir%\help\iishelp\common | System | Full control |
%windir%\help\iishelp\common | IIS_WPG | Read, execute |
%windir%\help\iishelp\common | Users (See Note 1.) | Read, execute |
%windir%\IIS Temporary Compressed Files | Administrators | Full control |
%windir%\IIS Temporary Compressed Files | System | Full control |
%windir%\IIS Temporary Compressed Files | IIS_WPG | Full control |
%windir%\IIS Temporary Compressed Files | Creator owner | Full control |
%windir%\system32\inetsrv | Administrators | Full control |
%windir%\system32\inetsrv | System | Full control |
%windir%\system32\inetsrv | Users | Read, execute |
%windir%\system32\inetsrv\*.vbs | Administrators | Full control |
%windir%\system32\inetsrv\ASP compiled templates | Administrators | Full control |
%windir%\system32\inetsrv\ASP compiled templates | IIS_WPG | Full control |
%windir%\system32\inetsrv\History | Administrators | Full control |
%windir%\system32\inetsrv\History | System | Full control |
%windir%\system32\Logfiles | Administrators | Full control |
%windir%\system32\inetsrv\metaback | Administrators | Full control |
%windir%\system32\inetsrv\metaback | System | Full control |
Inetpub\Adminscripts | Administrators | Full control |
Inetpub\wwwroot (or content directories) | Administrators | Full control |
Inetpub\wwwroot (or content directories) | System | Full control |
Inetpub\wwwroot (or content directories) | IIS_WPG | Read, execute |
Inetpub\wwwroot (or content directories) | IUSR_MachineName | Read, execute |
Inetpub\wwwroot (or content directories) | ASPNET (See Note 2.) | Read, execute |
Note 2 By default, ASP.NET is used as the ASP.NET process identity in IIS 5.0 isolation mode. If ASP.NET is switched to IIS 5.0 isolation mode, ASP.NET must have access to the content areas. ASP.NET process isolation is detailed in IIS Help. For additional information, visit the following Microsoft Web site:
ASP.NET process isolation
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/e409289d-2786-4a34-bb7e-9c546602c2c8.mspx (http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/e409289d-2786-4a34-bb7e-9c546602c2c8.mspx)
Back to the top
Registry permissions
loadTOCNode(2, 'moreinformation');Location | Users\Groups | Permissions |
HKLM\System\CurrentControlSet\Services\ASP | Administrators | Full control |
HKLM\System\CurrentControlSet\Services\ASP | System | Full control |
HKLM\System\CurrentControlSet\Services\ASP | IIS_WPG | Read |
HKLM\System\CurrentControlSet\Services\HTTP | Administrators | Full control |
HKLM\System\CurrentControlSet\Services\HTTP | System | Full control |
HKLM\System\CurrentControlSet\Services\HTTP | IIS_WPG | Read |
HKLM\System\CurrentControlSet\Services\IISAdmin | Administrators | Full control |
HKLM\System\CurrentControlSet\Services\IISAdmin | System | Full control |
HKLM\System\CurrentControlSet\Services\IISAdmin | IIS_WPG | Read |
HKLM\System\CurrentControlSet\Services\w3svc | Administrators | Full control |
HKLM\System\CurrentControlSet\Services\w3svc | System | Full control |
HKLM\System\CurrentControlSet\Services\w3svc | IIS_WPG | Read |
Back to the top
Windows user rights
loadTOCNode(2, 'moreinformation');Policy | Users |
Access this computer from the network | Administrators |
Access this computer from the network | ASPNET |
Access this computer from the network | IUSR_MachineName |
Access this computer from the network | IWAM_MachineName |
Access this computer from the network | Users |
Adjust memory quotas for a process | Administrators |
Adjust memory quotas for a process | IWAM_MachineName |
Adjust memory quotas for a process | Local service |
Adjust memory quotas for a process | Network service |
Bypass traverse checking | IIS_WPG |
Allow log on locally (see Note) | Administrators |
Allow log on locally (see Note) | IUSR_MachineName |
Deny logon locally | ASPNET |
Impersonate a client after authentication | Administrators |
Impersonate a client after authentication | ASPNET |
Impersonate a client after authentication | IIS_WPG |
Impersonate a client after authentication | Service |
Log on as a batch job | ASPNET |
Log on as a batch job | IIS_WPG |
Log on as a batch job | IUSR_MachineName |
Log on as a batch job | IWAM_MachineName |
Log on as a batch job | Local service |
Logon as a service | ASPNET |
Logon as a service | Network service |
Replace a process level token | IWAM_MachineName |
Replace a process level token | Local service |
Replace a process level token | Network service |
Note In IIS 6.0, when Basic authentication is configured as one of the authentication options, the LogonMethod metabase property for Basic authentication is NETWORK_CLEARTEXT. The NETWORK_CLEARTEXT logon type does not require the Allow log on locally user right. This also applies to Anonymous authentication. For additional information, see the "Basic Authentication Default Logon Type" topic in IIS Help. You can also visit the following Microsoft Web site:
Basic authentication
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/cf438d2c-f9c7-4351-bf56-d2ab950d7d6e.mspx (http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/cf438d2c-f9c7-4351-bf56-d2ab950d7d6e.mspx)
相关文章推荐
- ASP.NET Application Life Cycle Overview for IIS 5.0 and 6.0
- 第二讲 Best Practices For Running IIS 6.0 And ASP.NET
- System.Data.SqlClient.SqlException: Login failed for user 'IIS APPPOOL\DefaultAppPool' in IIS7
- Login failed for user 'IIS APPPOOL\DefaultAppPool'
- Change Default User and Password for Cognos Content Database
- Resolved - The permissions granted to user '***\***' are insufficient for performing this operation.
- struts2 在拦截器里报错:No result defined for action com.gkwl.action.UserAction and result input
- No result defined for action com.bdqn.action.UserRoleRelateAction and result input
- Working with user roles and permissions in SharePoint Object Model
- 401.1 and 401.2-Authentication Problems (IIS 6.0)
- Define and setup for user developed IDOC
- No result defined for action com.web.action.UserAction and result input
- default user/passwd for OpenSolaris
- C# 通过exchange发送邮件 defaultuser and use username_password
- please specify user and group other than root, pool 'default'
- How to create a new user and grant permissions on MySql
- Shell Script Examples: case, count, for, if, while and User input
- Samba set of user authentication and file access rights
- CRUD for user and other things to do...
- How To Configure IIS 6.0 and Tomcat with the JK 1.2 Connector