Skip navigation
Menu
Compute Engines

JSI Tip 4429. What NTFS permissions should I place on IIS 5.0 virtual directories and log files?


Within your Inetpub\wwwroot\<virtual_server> folder, you should have separate folders for: 

Executable files  (.bat, .cmd, .pl, .exe)
Script files      (.asp)
Include files     (.inc, .shtm, .shtm)
Static content    (.jpg, .gif, .htm, .html)
Set the following permissions for Executable, Script, and Include file folders: 
Everyone       (X)
Administrators (Full Control)
System         (Full Control)
Set the following permissions for Static content folders: 
Everyone       (R)
Administrators (Full Control)
System         (Full Control)
Since the Inetpub\FTProot and the Inetpub\Mailroot folders usually require anonymous access for read and write, put these folders on a separate partition and set disk quotas for the Everyone group. This will alert you when the folder fills up from a denial of service attack.

To prevent your log files from being altered by intruders, set the following permissions on the log files in the %SystemRoot%\system32\LogFiles folder:

Administrators (Full Control)
System         (Full Control)
Everyone       (Read)



Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
empty cockpit of autonomous car
What Is a Real-Time Operating System, and Who Needs One?
Mar 05, 2024
ERP button on keyboard
5 ERP Trends to Watch in 2024
Jan 17, 2024
automation key on keyboard
Storage Management as a Case Study for Network Automation Adoption
Dec 21, 2023
Abstract technology concept lighting effect on dark blue background
Top 10 Stories About Compute Engines, Linux in 2023
Dec 18, 2023