Re: remove user exe execute permission

From: S. Pidgorny (slavickp_at_yahoo.com)
Date: 11/07/03

Next message: S. Pidgorny : "Re: Kerberos and windows 98"
Previous message: Trond Hindenes: "Problem with WIndows 2003 Certificate Services: Computers install certificates from root domain instead of child domain"
In reply to: Chris P: "remove user exe execute permission"
Next in thread: Chris P.: "Re: remove user exe execute permission"
Reply: Chris P.: "Re: remove user exe execute permission"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 7 Nov 2003 23:11:15 +1100

Not sure what you're trying to accomplish - let's re-iterate:

You have .exe etc. files on your Web server:

* You don't want anonymous internet user (IUSR_...) to run the files on the
server as CGI scripts? Then don't create (or delete) CGI mappings; use NTFS
permissions; or

* You want deny downloads of .exe files? Use NTFS permissions then; or

* Something else?

-- 
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-
"Chris P" <chris@nospam> wrote in message
news:008a01c3a49b$cfa85eb0$a601280a@phx.gbl...
> Hi,
>
> I need to remove from IUSR (IIS users) the option to be
> able to run any file with the following
> extension .exe,.com,.cmd, .bat.
>
> The NTFS permissions are not useful because they have a
> full control under their IIS web folder to their files.
>
> Is there any way to prevent them to be able to download
> and exe file and run from local web folder under .NET by
> calling W32_execute_cmd and WMI_execute_cmd.
>
> Thank you,
>
> Chris
>

Next message: S. Pidgorny : "Re: Kerberos and windows 98"
Previous message: Trond Hindenes: "Problem with WIndows 2003 Certificate Services: Computers install certificates from root domain instead of child domain"
In reply to: Chris P: "remove user exe execute permission"
Next in thread: Chris P.: "Re: remove user exe execute permission"
Reply: Chris P.: "Re: remove user exe execute permission"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: .exe uplpoads
... it is impossible for anything on the Web Server to determine ... whether it is an upload or not, thus it is not possible to stop web editors ... allowing upload of .EXE is no biggie. ... >You can use URLScan to disallow .EXE from being accepted ...
(microsoft.public.inetserver.iis)
Local EXE and web server communications
... intranet cannot/does not allow. ... I experimented with creating a HTA file, but the exe reference variable ... The other problem with an HTA is it prompts the user twice: ... The web server needs to initiate the call ...
(microsoft.public.dotnet.languages.vc)
Re: How to disable direct file linkage
... click a link that takes them to a goodie program. ... You could make the GCI script actually emit the .exe file directly as ... How to configure this in your web server software depends very much on ...
(perl.beginners)
Can one refer to GAC on a server?
... the user controls are installed on the client machine ... I want to bypass that and just have the .exe ... from the GAC on the web server. ... The user controls change versions 3 times a year and I want to avoid ...
(microsoft.public.dotnet.framework.remoting)
Re: 2003 Web Server Security flaw
... If a hacker can get past the firewall and into the Web Server, ... he MAY not require someone to be using the program exe. ... Those EXEs use DLLs which the hacker might use. ...
(microsoft.public.windows.server.security)