IIS Browsing

Hello
i've a great problem with IIS (5 or 6).

I have all my website in a Subfolder of C.
If I Place on a WebSite (casual) an ASP tools to browsing directory, I can
"navigate" the other site and all the server's disk structure (Windows
directory included).
My Web work with IIS Users.(IUSR)
I've just removed:
1) Browsing Directory
2) Parent path
3) NTFS permission are only : IUSR= read, SYSTEM=full, Administrators=full

How can i solve this problem?
I must remove FilesystemObject components in ASP?
I muste store data in a D disk and the system in a C disk?
Tank to all

Re: IIS Browsing

You need to change the NTFS permissions appropriately.

For example, to prevent each individual website from being able to browse
other websites, you should create an individual anonymous user account for
each website. Give that user account read permissions to its own website
only, and not to any other website.

Cheers
Ken


"Andrea :-)" wrote in message
news:4599869d$0$19101$4fafbaef@reader4.news.tin.it...
> Hello
> i've a great problem with IIS (5 or 6).
>
> I have all my website in a Subfolder of C.
> If I Place on a WebSite (casual) an ASP tools to browsing directory, I can
> "navigate" the other site and all the server's disk structure (Windows
> directory included).
> My Web work with IIS Users.(IUSR)
> I've just removed:
> 1) Browsing Directory
> 2) Parent path
> 3) NTFS permission are only : IUSR= read, SYSTEM=full, Administrators=full
>
> How can i solve this problem?
> I must remove FilesystemObject components in ASP?
> I muste store data in a D disk and the system in a C disk?
> Tank to all
>

Re: IIS Browsing

Tansk you for the Answer
(sorry for the post in the other forum).

Ok, i can make individual anonymous user account for each website but in
this mode i Cannot "cluster" my server (now I'm using Application Center)
because i cannot "export" Windows User in another server.



"Ken Schaefer" ha scritto nel messaggio
news:%23RhLf5iLHHA.4712@TK2MSFTNGP04.phx.gbl...
> You need to change the NTFS permissions appropriately.
>
> For example, to prevent each individual website from being able to browse
> other websites, you should create an individual anonymous user account for
> each website. Give that user account read permissions to its own website
> only, and not to any other website.
>
> Cheers
> Ken
>
>
> "Andrea :-)" wrote in message
> news:4599869d$0$19101$4fafbaef@reader4.news.tin.it...
>> Hello
>> i've a great problem with IIS (5 or 6).
>>
>> I have all my website in a Subfolder of C.
>> If I Place on a WebSite (casual) an ASP tools to browsing directory, I
>> can "navigate" the other site and all the server's disk structure
>> (Windows directory included).
>> My Web work with IIS Users.(IUSR)
>> I've just removed:
>> 1) Browsing Directory
>> 2) Parent path
>> 3) NTFS permission are only : IUSR= read, SYSTEM=full,
>> Administrators=full
>>
>> How can i solve this problem?
>> I must remove FilesystemObject components in ASP?
>> I muste store data in a D disk and the system in a C disk?
>> Tank to all
>>
>

Re: IIS Browsing

Hi,

You can use a domain account can't you?

Cheers
Ken


"Andrea :-)" wrote in message
news:Eromh.12378$K8.7756@news.edisontel.com...
> Tansk you for the Answer
> (sorry for the post in the other forum).
>
> Ok, i can make individual anonymous user account for each website but in
> this mode i Cannot "cluster" my server (now I'm using Application Center)
> because i cannot "export" Windows User in another server.
>
>
>
> "Ken Schaefer" ha scritto nel messaggio
> news:%23RhLf5iLHHA.4712@TK2MSFTNGP04.phx.gbl...
>> You need to change the NTFS permissions appropriately.
>>
>> For example, to prevent each individual website from being able to browse
>> other websites, you should create an individual anonymous user account
>> for each website. Give that user account read permissions to its own
>> website only, and not to any other website.
>>
>> Cheers
>> Ken
>>
>>
>> "Andrea :-)" wrote in message
>> news:4599869d$0$19101$4fafbaef@reader4.news.tin.it...
>>> Hello
>>> i've a great problem with IIS (5 or 6).
>>>
>>> I have all my website in a Subfolder of C.
>>> If I Place on a WebSite (casual) an ASP tools to browsing directory, I
>>> can "navigate" the other site and all the server's disk structure
>>> (Windows directory included).
>>> My Web work with IIS Users.(IUSR)
>>> I've just removed:
>>> 1) Browsing Directory
>>> 2) Parent path
>>> 3) NTFS permission are only : IUSR= read, SYSTEM=full,
>>> Administrators=full
>>>
>>> How can i solve this problem?
>>> I must remove FilesystemObject components in ASP?
>>> I muste store data in a D disk and the system in a C disk?
>>> Tank to all
>>>
>>
>
>