Securing Your IIS Log File Folder

It is recommended that you secure access to your IIS log file directory. IIS log files contain sensitive information such as the following:

• File names
• Directory paths
• Cookies****

Note

• Sites that use cookies store encrypted cookies containing userIds in the log files.

By default, IIS log files are stored in the <drive>:\WINNT\system32\LogFiles\W3SVC*#* folder on the computer running IIS, where <drive> is the drive partition where Windows is installed, and # is the number of the site. For example, the default location of the log file folder for the default Web site where Windows is installed on drive C: would be as follows:

C:\WINNT\system32\LogFiles\W3SVC1

To secure the IIS Web Log folder

It is recommended that you set NTFS security permissions on the <drive>:\WINNT\system32\LogFiles folder. Setting security permissions on this folder protects log files for all sites on your Web server.

1. Using Windows Explorer, navigate to the <drive>:\WINNT\system32\LogFiles folder on your IIS server.

2. Right-click the LogFiles folder, and then click Properties.

3. In the LogFiles Properties dialog box, click the Security tab.

4. On the Security tab, clear the Allow inheritable permissions from parent to propagate to this object checkbox.

5. In the Security dialog box, click CopyIn the Name box, click CREATOR OWNER and then click Remove.

6. In the Name box, click Power Users and then click Remove.

7. In the Name box, click Users (<Server name>\Users), and then click Remove.

   Note

   • The remaining users in the Name box should be Administrators (<Server name>\Administrators) and SYSTEM, both of which are granted Full Control permissions to this folder. This is the recommended security setting for this folder.

8. In the LogFiles Properties dialog box, click OK.

For more information about setting NTFS security on files and folders, search for the keyword "NTFS" in Windows 2000 Help.

Copyright © 2005 Microsoft Corporation.
All rights reserved.