Re: remove user exe execute permission

From: Bernard (qbernard_at_hotmail.com)
Date: 11/08/03 

Date: Sat, 8 Nov 2003 18:21:26 +0800

I don't quite get you. if iusr a/c don't have
read & execute permission, iusr a/c will not
be able to read or execute the file.

if you have some executable which you like
users to execute and prevent them from download it.
put then in a folder.

In NTFS grant - read and execute
In IIS MMC - home directory tab -
remove the 'read' permission of that folder. 

-- 
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"Chris P." <anonymous@discussions.microsoft.com> wrote in message
news:02de01c3a570$606e2fe0$a401280a@phx.gbl...
> For sure I want that my customers to run CGI scripts, but
> I want to prevent them to download or run system commands
> like cmd.exe, net.exe, nbtstat, net share, net user and
> others.
>
> NTFS is not enough because they can download anytime this
> files under there web root folder, eventually rename and
> run.
>
>
> Is there any way to secure my virtual servers?
>
> Thank you,
>
> Chris P.
> MCSE,CCNA
>
>
> >-----Original Message-----
> >Not sure what you're trying to accomplish - let's re-
> iterate:
> >
> >You have .exe etc. files on your Web server:
> >
> >* You don't want anonymous internet user (IUSR_...) to
> run the files on the
> >server as CGI scripts? Then don't create (or delete) CGI
> mappings; use NTFS
> >permissions; or
> >
> >* You want deny downloads of .exe files? Use NTFS
> permissions then; or
> >
> >* Something else?
> >
> >-- 
> >Svyatoslav Pidgorny, MVP, MCSE
> >-= F1 is the key =-
> >
> >"Chris P" <chris@nospam> wrote in message
> >news:008a01c3a49b$cfa85eb0$a601280a@phx.gbl...
> >> Hi,
> >>
> >> I need to remove from IUSR (IIS users) the option to be
> >> able to run any file with the following
> >> extension .exe,.com,.cmd, .bat.
> >>
> >> The NTFS permissions are not useful because they have a
> >> full control under their IIS web folder to their files.
> >>
> >> Is there any way to prevent them to be able to download
> >> and exe file and run from local web folder under .NET by
> >> calling W32_execute_cmd and WMI_execute_cmd.
> >>
> >> Thank you,
> >>
> >> Chris
> >>
> >
> >
> >.
> >

Relevant Pages

  • Re: Startup Script from AD policy
    ... and I can't place the executable on the same folder ... >>> permissions ... >>> How can I force the workstations to execute this remote file? ... >> Microsoft MVP Scripting and ADSI ...
    (microsoft.public.windows.server.scripting)
  • Re: Q.) NTFS rights - How to Append NTFS assignments
    ... The Share is setup to Everyone with Full access and the NTFS ... security restricts the permissions to only those authorized. ... via NTFS from the parent folder being requested to change - however I ... permissions on subfolders, set up different *shares* for your departments.. ...
    (microsoft.public.windows.server.sbs)
  • Re: Folder Access Restriction
    ... I found out that I am using NTFS system. ... Now are you suggesting that I click on the box in the second line titled as ... 'Share this folder' .....> ... In the Share Permissions Dialog Box, I can see the Group or user name = ...
    (microsoft.public.windowsxp.general)
  • Re: Utility/report for effective NTFS rights for a single user/group?
    ... that can determine the effective NTFS rights for a user or a group? ... Technically Rights and Permissions are two distinct things in NT-class ... simplistic in that you have to evaluate each folder individually. ...
    (microsoft.public.windows.server.general)
  • Re: WinXP home edition file permissions
    ... If your hard disk/partition is not NTFS you will need to convert ... In Windows Explorer, go to Tools, Folder Options, View and uncheck ... Here you can assign or deny permissions based on user name or user ... Set, View, Change, or Remove File and Folder Permissions in Windows ...
    (microsoft.public.windowsxp.security_admin)