Setting IIS Web Site Permissions

Read

Users can view the content and properties of directories or files. This permission is set by default. This permission is required for Web sites that have static content. If all of your content is scripted, such as a Web site that only uses Active Server Pages (ASP) content, you can remove the Read permission.

Script Source Access

Users can access source files. If the Read permission is set, then users can read source files; if the Write permission is set, then users can modify the content and properties of the source files. The Script Source Access permission also applies to the source code for scripts. This option is not available if both the Read and Write permissions are not set.

Set this permission only when using Web Distributed Authoring and Versioning (WebDAV). In addition, make sure that you require authentication for this site and that your file permissions are set correctly.

Expand table

Important
When you set the Script Source Access permission, users might be able to view sensitive information, such as a user name and password. Users might also be able to change source code that runs on your server, and seriously affect the security and performance of your server.

Log visits

A log entry is created for each visit to the Web site. As an operational security practice, it is highly recommend that you enable logging.

Execute

Users have the appropriate level of script execution:

• None. Does not allow scripts or executables to run on the server.
  
  
• Scripts only. Allows only scripts to run on the server.
  
  
• Scripts and Executables. Allows both scripts and executables to run on the server.