Security


File and Directory Security

IIS 5.0 uses Windows 2000 Server security throughout, including discretionary access control lists (DACLs) in NTFS, the Windows file system. It is recommended that you place your data files on an NTFS partition, because NTFS provides security and access control for those files.

A DACL grants or denies access to its associated file or folder for specific Windows user accounts or groups of users. When an Internet service attempts to read or execute a file on behalf of a client request, the user account offered by the service must have permission to do so.

You can combine IIS 5.0 virtual directory access control with Windows accounts and NTFS file ACLs to configure access to specific files within a Web site. After a user is authenticated for the IIS 5.0 virtual directory, IIS uses the context of the requesting user (Anonymous or specific) to gain access to the NTFS file, based on the user account, user rights policy, and file permissions.

You can use the Windows Interactive user and Network user accounts to provide broad access control for files available to IIS 5.0. The Interactive user is a special user account representing any user who is logged on interactively; in other words, someone who has the Log on locally privilege and has been logged on locally. The Network user account is similar, but applies to users with the Network logon privilege.
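The following added example (not part of the original documentation) is a simplified Python model of how an ordered DACL is evaluated against the requesting user's context, including the Interactive and Network accounts described above. The account names, group memberships, rights values, and the DACL itself are constructed for illustration.

```python
from dataclasses import dataclass

# Simplified rights for illustration; these are not the real NTFS access-mask values.
READ, WRITE, EXECUTE = 0x1, 0x2, 0x4

@dataclass(frozen=True)
class Ace:
    kind: str      # "allow" or "deny"
    trustee: str   # user account or group the entry applies to
    mask: int      # rights the entry allows or denies

def access_check(token, dacl, desired):
    """Return True if the DACL grants every right in `desired` to `token`.

    token is the set of names the caller carries (account plus groups);
    dacl is the ordered ACE list. Entries are evaluated in order.
    """
    remaining = desired
    for ace in dacl:
        if ace.trustee not in token:
            continue                      # entry does not apply to this caller
        if ace.kind == "deny":
            if ace.mask & remaining:
                return False              # a requested right is explicitly denied
        else:
            remaining &= ~ace.mask        # these rights are now granted
            if remaining == 0:
                return True
    return False                          # anything not granted is denied

# Constructed sample data: hypothetical account names and group memberships.
ANONYMOUS = frozenset({"IUSR_WEB01", "Everyone"})
LOCAL_USER = frozenset({"alice", "Everyone", "INTERACTIVE"})
REMOTE_USER = frozenset({"bob", "Everyone", "NETWORK"})

# Constructed DACL for one content file, deny entries first.
CONTENT_DACL = [
    Ace("deny", "IUSR_WEB01", WRITE | EXECUTE),
    Ace("allow", "INTERACTIVE", READ | WRITE),
    Ace("allow", "NETWORK", READ),
    Ace("allow", "IUSR_WEB01", READ),
]

def granted_rights(token, dacl=CONTENT_DACL):
    """List which of READ/WRITE/EXECUTE the token would be granted individually."""
    names = {"read": READ, "write": WRITE, "execute": EXECUTE}
    return sorted(n for n, bit in names.items() if access_check(token, dacl, bit))
```

Because the Interactive and Network entries match every caller with that logon type, a single allow entry for either one opens the file to a broad population; the model makes that visible by comparing `granted_rights` for each token.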


© 1997-1999 Microsoft Corporation. All rights reserved.