Server Security Settings Tutorial: Hard Disk Permission Settings

  
Here we focus on the required permissions, that is, the permissions required for the final folder or hard disk, to protect against various Trojan attacks, escalation attacks, cross-site attacks, and so on. After many experiments in this example, the security performance is very good, and the server is basically not worried about being threatened by Trojans. Hard disk or folder: C:\\ D:\\ E:\\ F:\\ Analog main permission part: Other permission part: Administrators full control no
If other operating environment, such as PHP, is installed, according to PHP environment function Require permission to set the hard disk permissions, generally the installation directory plus users to read the run permissions is sufficient, such as c: \\ php, in the case of root directory permissions inheritance plus users read run permissions, need to write data For example, the tmp folder, the user write and delete permissions, do not run permissions, and then the virtual host user's read permission can be denied. If it is mysql, it is safer to run MYSQL with a separate user, as described below. If it is winwebmail, it is best to establish a separate application pool and independent IIS users, then the entire installation directory has read/run/write/permissions for users, IIS users are the same, this IIS user only uses WEB access in winwebmail In the other IIS sites, do not use the server hard disk permission settings installed with winwebmail. The folder, subfolders and files are not inherited. CREATOR OWNER completely controls only subfolders and files. >SYSTEM completely controls the folder, subfolders and files <not inherited> Hard disk or folder: C:\\Inetpub\\ Main permissions section: Other permissions section: Administrators have full control of this folder, subfolders And the file < inherited from c:\\>CREATOR OWNER completely controls only subfolders and files<inherited from c:\\>SYSTEM completely controls the folder, subfolders and files<inherited from c:\\> Hard disk or folder: C:\\Inetpub\\AdminScripts Main Permissions section: Additional Permissions section: Administrators have full control of this folder, subfolders and files <not Inherited >SYSTEM completely controls the folder, subfolders and files <not inherited> Hard disk or folder: C:\\Inetpub\\wwwroot Main Permissions Section: Other Permissions Section: Administrators Full Control IIS_WPG Read Run /List folder directory /read the folder, subfolders and files the folder, subfolders and files <not inherited><not inherited>SYSTEM Full Control Users Read Run/List Folder directory /read the folder, subfolders and files The folder, subfolders and files <not inherited><not inherited> Here you can add the virtual host user group to
Same permissions as Internet Guest Account
Deny permission Internet Guest Account Create File/Write Data/: Reject
Create Folder/Additional Data/: Reject
Write Attribute/: Reject
Write Extended attribute /: Reject
Delete subfolder and file /: Reject
Delete /: Reject the folder, subfolders and files <not inherited> Hard disk or folder: C:\\Inetpub\\ Wwwroot\\aspnet_client Main Permissions: Other Limit section: Administrators completely control Users to read the folder, subfolders and files of the folder, subfolders and files <not inherited><not inherited>SYSTEM completely control the folder, subfile Folder & file <not inherited> Hard disk or folder: C:\\Documents and Settings Main permission section: Other permissions section: Administrators have full control of this folder, subfolders and files <not inherited>SYSTEM Full control over the folder, subfolders and files <not inherited> Hard disk or folder: C:\\Documents and Settings\\All Users Main Permissions section: Additional Permissions section: Administrators fully control Users to read and run the file Folders, subfolders and files The folder, subfolders and files <not inherited><not inherited>SYSTEM completely controls the permissions of the USERS group only to read and run,
absolutely cannot Plus write permissions to the folder, subfolders and files <not inherited> hard drive or folder: C:\\Documents and Settings\\All Users\\"Start The main permissions section of the menu: Other permissions section: Administrators completely control the folder, subfolders and files <not inherited>SYSTEM completely control the folder, subfolders and files<not inherited> Or folder: C:\\Documents and Settings\\All Users\\Application Data Main Permissions section: Additional Permissions section: Administrators fully control Users to read and run the folder, subfolders and files of this folder, subfolders and files <not inherited><not inherited>CREATOR OWNER completely controls Users to write only subfolders and files to this folder, subfolders<not inherited><not inherited>SYSTEM completely Control two side-by-side permissions with the user group that need to be separated from the column permissions for that folder, subfolders, and files <not inherited> Hard disk or folder: C:\\Documents and Settings\\All Users\\Application Data\\Microsoft Primary Permissions section : Other Permissions section: Administrators fully control Users to read and run the folder, subfolders and files in that folder, subtext And the clip files & lt; not inherited & gt; & lt; are not inherited & gt; SYSTEM Full Control This folder contains a Microsoft application state data
Copyright © Windows knowledge All Rights Reserved