Most of the virtual hosts are now disabled: FileSystemObject, because this component provides powerful file system access capabilities for ASP, read, write, copy, delete, rename, etc. Operation (Of course, this refers to the Windows NT / 2A8ZD_000 that is used by default). But after prohibiting this component, the consequences caused by all ASPs that use this component will not be able to run, and cannot meet the needs of customers. How to allow both FileSystemObject components, do not affect the security of the server (ie: Different virtual host users can not use the component to read and write the files)? Here is a method that I have obtained in the experiment, which is described below with Windows 2A8ZD_000 Server as an example. Open the resource manager on the server, right-click the drive letter of each hard disk partition or volume, select "Properties" in the pop-up menu, select the Security tab, you can see which accounts can be accessed to access this partition Volumes and access rights. After the default installation, "Everyone" has full control. Add "Administrators", "Backup Operators", "Power Users", "Users", etc., and give "full control" or corresponding permissions, pay attention, do not give "Guests" group, "IUSR_ machine name" these accounts any permissions. Then, "Everyone" group is then deleted from the list, so that only authorized groups and users can access this hard disk partition, and when the ASP is executed, it is access to the hard disk as "IUSR_ machine name", this is not given here User account permissions, ASP can also read and write files on the hard disk. The following is to set a separate user account to each virtual host user, and then assign each account to a directory that allows its fully controlled. As shown in the figure below, open "Computer Management" → "Local User and Group" → "User", click the right mouse button in the right column, select "New User" in the pop-up menu: "New User" dialog box According to the actual needs, "User Name", "Full Name", "Description", "Password", "Confirm Password", and to change the "user next login, change the password", select "Users cannot Change password "and" password never expire ". This example is a built-in account "IUSR_VHOST1" that establishes an anonymous access Internet information service to the user of the first virtual host, ie when all clients use http: //###.###.xxxx/ to access this virtual host, It is all accessed by this identity. Enter the completion of the "creation".
You can create multiple users according to actual needs. After the creation is complete, "Close": Now the newly established user has appeared in the account list, double-click the account in the list to further set: "IUSR_VHOST1" in the pop-up: That is, the new account that just created) Properties dialog box: Subordinate "tab: Just created account defaults belongs to the" User "group, select the group, click" Delete ": The present is as shown below, this Point "Add": Find "Guests" in the "Select Group" dialog box pop-up, click "Add", this group will appear in the following text box, then click "OK": The appearance is as follows The content shown, click "OK" to close this dialog: Open "Internet Information Service", start setting the virtual host, in this case, to explain the "first virtual host" setting as an example, right-click the host Name, select "Properties" in the pop-up menu: Pop up a "first virtual host property" dialog box, can see the "F: / Vhost1" folder from the dialog box: F: / vhost1 "folder: Temporarily, no matter what the "First Virtual Host Properties" dialog, switch to "F: / Vhost1" folder, right click, select the "Properties" → "Security" tab, at this time It can be seen that the default security setting of the folder is "Everyone" full control (depending on the content displayed by different situations), first "allowing the inheritance of the inheritance from the parent to the object" to the object ". Remove the log: At this time, "Security" warning as shown below is pop, click "Delete": All groups and users in the Security tab will be emptied (if not clear, please use "Delete" Clear), then click the "Add" button.
