Configure Web Site Permissions

Applies To: Windows Server 2003, Windows Server 2003 with SP1

You can configure access permissions for specific Web sites, directories, and files. Unlike NTFS permissions, Web permissions affect everyone who tries to access your Web site. Web site permissions are not meant to be used in place of NTFS permissions, but are used in conjunction with them.

Note

If Web site permissions conflict with NTFS permissions for a directory or file, the more restrictive settings are applied.

Requirements

  • Credentials: Membership in the Administrators group on the local computer.

  • Tools: Iis.msc.

Recommendation

As a security best practice, log on to your computer using an account that is not in the Administrators group, and then use the Run as command to run IIS Manager as an administrator. At the command prompt, type **runas /user:**administrative_accountname mmc %systemroot%\system32\inetsrv\iis.msc.

Procedures

To set permissions for Web content

  1. In IIS Manager, right-click the Web Sites folder, Web site, directory, virtual directory, or file you want to configure, and click Properties.

  2. On the Home Directory, Virtual Directory, or File property sheet, select or clear any of the following check boxes (if available), depending on the type of access you want to grant or deny:

    • Script Source Access. Users can access source files. If Read is selected, source can be read, if Write is selected, source can be written to. Script Source Access includes the source code for scripts. This option is not available if neither Read nor Write is selected.

    • Read (selected by default). Users can view directory or file content and properties.

    • Write. Users can change directory or file content and properties.

    • Directory browsing. Users can view file lists and collections.

    • Log visits. A log entry is created for each visit to the Web site.

    • Index this resource. Allows Indexing Service to index this resource. This allows searches to be performed on the resource.

  3. In the Execute Permissions list box, select the appropriate level of script execution:

    • None Do not run scripts or executables on the server.

    • Scripts only Run only scripts on the server.

    • Scripts and Executables Run both scripts and executables on the server.

  4. Click OK. If child nodes for a directory have different Web site permissions configured, the Inheritance Overrides box appears.

    If a child node belonging to the directory whose Web site permissions you have changed has also set the Web site permissions for a particular option, the permissions in the child node will override those you have set for the directory. If you want the Web site permissions at the directory level to apply to the child nodes, you must select those child nodes in the Inheritance Overrides box.

  5. If the Inheritance Overrides box appears, select the child nodes in the Child Nodes list to which you want the directory's Web permissions to apply. You can also click Select All to set the property to apply the Web permissions to all child nodes.

  6. You might see more than one Inheritance Overrides box if more than one property has been defined in the child nodes of the directory. Select the child nodes from the Child Nodes list or click Select All, and then click OK to apply the Web permissions for this property to the child nodes.