http://victorwoo.vicp.net/
Most virtual hosting providers now disable the FileSystemObject component, because it gives ASP powerful access to the file system: reading, writing, copying, deleting and renaming files, and so on (this refers to the default configuration of Windows NT / 2000). But once the component is disabled, every ASP page that uses it stops running, which does not meet customers' needs.
How can the FileSystemObject component be allowed without affecting the security of the server (that is, so that users of different virtual hosts cannot use the component to read and write each other's files)? Here is a method that I arrived at by experiment, using Windows 2000 Server as the example.
Open Windows Explorer on the server, right-click each hard disk partition or volume, select "Properties" in the pop-up menu and select the "Security" tab. Here you can see which accounts can access this partition (volume) and with what permissions. After a default installation, "Everyone" has full control. Add "Administrators", "Backup Operators", "Power Users", "Users" and so on, and give them "Full Control" or the corresponding permissions. Note: do not give the "Guests" group or the "IUSR_machine name" accounts any permissions. Then remove the "Everyone" group from the list, so that only authorized groups and users can access this partition. When ASP executes, it accesses the hard disk as "IUSR_machine name"; because this account has been given no permissions here, ASP cannot read the files on the hard disk.
The next step is to create a separate user account for each virtual host user, and then assign each account one directory over which it has full control. As shown in the figure below, open "Computer Management" → "Local Users and Groups" → "Users", right-click in the right-hand pane and select "New User" in the pop-up menu:
In the "New User" dialog box that pops up, fill in "User name", "Full name", "Description", "Password" and "Confirm password" as needed, clear the check mark in front of "User must change password at next logon", and check "User cannot change password" and "Password never expires". This example creates "IUSR_VHOST1" as the built-in account for anonymous access to Internet Information Services for the user of the first virtual host; that is, every client that accesses this virtual host through http://xxx.xxx.xxxx/ does so under this identity. When you have finished entering the details, click "Create". You can create multiple users as needed; when you are done, click "Close":
The newly created user now appears in the account list. Double-click the account in the list to configure it further:
In the "IUSR_VHOST1" (the account just created) Properties dialog box that pops up, select the "Member Of" tab:
The account just created belongs to the "Users" group by default. Select that group and click "Remove":
The dialog now looks as shown in the following figure. Next, click "Add":
In the "Select Groups" dialog that pops up, find "Guests" and click "Add"; the group appears in the text box below. Then click "OK":
The dialog now shows the content in the figure below. Click "OK" to close it:
Open Internet Information Services and start configuring the virtual host. This example uses the "first virtual host": right-click the host name and select "Properties" in the pop-up menu:
A "first virtual host Properties" dialog pops up. From the dialog you can see that this virtual host uses the "F:\vhost1" folder:
Leave the "first virtual host Properties" dialog alone for now. Switch to the "F:\vhost1" folder, right-click it and select "Properties" → "Security" tab. Here you can see that the folder's default security setting is full control for "Everyone" (what is displayed depends on the situation). First clear the check mark in front of "Allow inheritable permissions from parent to propagate to this object":
The "Security" warning shown below pops up. Click "Remove":
All groups and users in the "Security" tab are now cleared (if they are not, use "Remove" to clear them). Then click the "Add" button.
As shown in the figure, add "Administrator" and the new account "IUSR_VHOST1" created earlier, and give them full control. You can also add other groups or users as needed, but you must not add the "Guests" group or the "IUSR_machine name" anonymous access accounts!
Switch back to the "first virtual host Properties" dialog opened earlier, go to the tab that contains "Anonymous access and authentication control" and click "Edit" there:
In the "Authentication Methods" dialog box (shown below), click "Edit":
The "Anonymous User Account" dialog pops up. The default account is "IUSR_machine name"; click "Browse":
In the "Select User" dialog box, find the new account "IUSR_VHOST1" created earlier and double-click it:
The anonymous user name is now changed. In the password box, enter the password that was set for the account when it was created:
Confirm the password again:
OK, that completes the setup. Click "OK" to close these dialogs. With this configuration, the "first virtual host" user can use ASP's FileSystemObject component to access only its own directory, F:\vhost1. Attempts to access anything else produce errors such as "no permissions", "The hard disk is not ready" or "500 server internal error".
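One way to verify the result described above, as an added example that is not part of the original article: a small ASP page, saved in F:\vhost1 and requested anonymously through the first virtual host, that uses FileSystemObject to probe its own directory and several locations it should not be able to reach. The paths F:\vhost2, F:\ and C:\ are assumptions; substitute directories that exist on your server.

```asp
<%@ Language=VBScript %>
<%
Option Explicit
Response.ContentType = "text/plain"

' Constructed test paths: F:\vhost1 is this site's own directory (from the
' article); F:\vhost2, F:\ and C:\ are assumed examples of content the
' anonymous account IUSR_VHOST1 must NOT be able to read.
Dim fso, failures, p
Set fso = Server.CreateObject("Scripting.FileSystemObject")
failures = 0

' Enumerate a folder as the site's anonymous account. Returns "" on success,
' otherwise the FSO error (e.g. "70 Permission denied", "71 Disk not ready").
Function ProbeFolder(path)
    Dim n
    On Error Resume Next
    n = fso.GetFolder(path).Files.Count
    If Err.Number <> 0 Then
        ProbeFolder = Err.Number & " " & Err.Description
    Else
        ProbeFolder = ""
    End If
    On Error GoTo 0
End Function

' Compare the probe result with the expected outcome and print one line.
Sub Check(path, mustSucceed)
    Dim result, readable
    result = ProbeFolder(path)
    readable = (result = "")
    If readable = mustSucceed Then
        Response.Write "PASS  "
    Else
        Response.Write "FAIL  "
        failures = failures + 1
    End If
    If readable Then result = "readable"
    Response.Write path & " -> " & result & vbCrLf
End Sub

Check "F:\vhost1", True
For Each p In Array("F:\vhost2", "F:\", "C:\")
    Check p, False
Next

Response.Write vbCrLf & failures & " unexpected result(s)" & vbCrLf
%>
```

Every line should read PASS; a FAIL on a foreign path means an ACL still grants access to "Everyone", "Guests" or the anonymous account. Delete the page once the check is done.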