Immediately after a new installation of Microsoft Windows Server 2003, the special group Everyone has Read and Execute permissions on the root of the system volume, which is the disk volume where Windows Server 2003 is installed.
Any folders created beneath the root of the system volume automatically inherit the permissions assigned to the root of the system volume. This means that the Everyone group will have Read and Execute permissions on any new folders created immediately beneath the root of the system volume. To prevent an accidental breach in security, remove the permissions assigned to the special group "Everyone" on dedicated Web servers.
u·
Credentials:
Membership in the Administrators group on the local computer.
u·
Tools:
Iis.msc.
u·
File System:
The system volume must use the NTFS file system if you want to set file and
folder permissions.
As a security best practice, log on to your computer using an account that is not in the Administrators group, and then use the Run as command to run IIS Manager as an administrator. At the command prompt, type runas /user:administrative_accountname "mmc %systemroot%\system32\inetsrv\iis.msc".
|
To secure the root of the system volume by removing permissions
Open Accessories, and then click Windows Explorer.
In Windows Explorer, locate the root of the system volume.
Right-click the root of the system volume, click Properties, and then click the Security tab.
In the Group or user names list box, click Everyone, and then click Remove.
Click OK.
|