Securing a Web Site Using NTFS Special Permissions (IIS 6.0)
With NTFS permissions, you can assign special permissions to groups or users. Special permissions are permissions on a more detailed level. For better management, you should assign broad-level permissions to users or groups, where it is applicable. For descriptions of permissions, see "Permissions for Files or Folders" in Help and Support Center for Windows Server 2003.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
Procedures
To secure a Web site by using NTFS special permissions
1. | In IIS Manager, expand the local computer, right-click a Web site, directory, or virtual directory, and then click Permissions. | ||||||||||
2. | Click the Advanced tab, and then do one of the following: | ||||||||||
3. | In the Permissions box, select or clear the appropriate Allow or Deny check boxes. | ||||||||||
4. | In the Apply onto list box, click the folders or subfolders you want these permissions to be applied to. | ||||||||||
5. | To prevent the subfolders and files from inheriting these permissions, clear the Apply these permissions to objects and/or containers within this container only check box. | ||||||||||
6. | Click OK three times. | ||||||||||
Important
You should assign permissions to the highest-level folders possible and then apply inheritance to propagate the settings to lower-level subfolders and files. For more information about inheritance, see "How Inheritance Affects File and Folder Permissions" in Help and Support Center for Windows Server 2003.
Related Information
| • | For more information about access control, see "Access Control" in Help and Support Center for Windows Server 2003. |
