One, the advantage of such configuration?

Do not know everybody to had listened to margent? I explain simply: The individual thinks black drop A site, but search to search to do not have discovery available flaw, undesigned his discovery and A are the same as a server to go up to still have a B site, and be on B site found available flaw, then he uploads the trojan from inside B station to the server, if server attributive configuration is undeserved, so he is OK now black drop all sites on the server! If we are every site to build an user, install this user to visit the attributive of this site only, can be visit attributive control so inside every site folder, margent problem also was solved.

2, preparation works

1, moving environment: Win2K server edition IIS 5.0

2, file system: Each divisional file system is NTFS

3, site folder: E dish next building two folder Web001 and Web002

4, build a site: Two sites Web001 and Web002 are built in IIS, site folder is E:\ respectivelyWeb001 and E:\Web002, appoint IP for 192.168.0.146, port is respectively 101 with 102.

OK, input Http://192.168.0.146:1 respectively in IE01 with Http://192.168.0.146:102 tests whether do two sites build a success.

3, configuration process

1, build user group and user

Build Webs of one user group, all be subordinate to belongs to all site user after this groups, in order to facilitate attributive allocates.

Build user Web01, the attention wants a hook to choose ” password to never expire ” (can appear rear otherwise “HTTP 401.1 - not accredit: Entry failure ” ) , install its only subject at Webs user group. Be in likewise build an user Web02.

2, setting of each divisional NTFS attributive

The safe options check that opens each partition is ordinal award to each partition Administrator and System control limits of authority completely, install Webs group to reject limits of authority completely.

3, setting of attributive of site folder NTFS

Open E:\Window of Web01 folder attribute, choose safe options card, first take out ” allows to will come from patrilineal can accede the hook before attributive transmits this object ” , delete successive attributive via playing the option in the dialog box that give.

Ensure Administrator, System and Web01 have complete control limits of authority to this folder finally.

E:\Web02 folder also is installed euqally.

4, the faceless visit user that installs each site

Web01 site property is opened in IIS, faceless visit of → of selection list security and → of control of test and verify edit, the hook before ” of test and verify of compositive Windows of take out ” , edit the account that faceless visit uses again, install faceless visit account to also install) euqally for Web01(web02 site.

4, test

Will veteran written stationmaster assistant is put to Web02 the test has in the site, outside dividing site file to be able to be browsed via the test, other partition all cannot be visited.