|
Home > Archive > IIS Server Security > March 2004 > Permissions on ASP.DLL in .\system32\inetsrv folder
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Permissions on ASP.DLL in .\system32\inetsrv folder
|
|
| Rod Tesanovic 2004-03-30, 1:41 pm |
| Hi,
I faced quite a challenge after setting up CA server on
domain controller on freshly installed Windows 2003
Server. Anyone except domain administrators could not
access .\certsrv WEB page. After tremendous time of
checking possible and impossible I finally got to ASP.DLL
where "domain\user" group was the one to have read access,
but there was no groups like Everyone or "domain\domain
users". As soon as I put my testing account
into "domain\user" group all was good.
My question is: Why is this set this way by default
obviously? What would be the recommendation for security
maintenance of ASP.DLL? Do I just give "domain users" read
and read & execute or .
Thanks
| |
| Bernard 2004-03-31, 2:36 am |
| You might want to try this kb.
INFO: Default Permissions and User Rights for IIS 6.0
http://support.microsoft.com/?id=812614
I setup CA /certsrv before, I do not have any problem with it,
by default, /certsrv allow anonymous acces.
--
Regards,
Bernard Cheah
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Rod Tesanovic" <anonymous@discussions.microsoft.com> wrote in message
news:15ac501c4167e$a9be2e00$a301280a@phx
.gbl...
> Hi,
>
> I faced quite a challenge after setting up CA server on
> domain controller on freshly installed Windows 2003
> Server. Anyone except domain administrators could not
> access .\certsrv WEB page. After tremendous time of
> checking possible and impossible I finally got to ASP.DLL
> where "domain\user" group was the one to have read access,
> but there was no groups like Everyone or "domain\domain
> users". As soon as I put my testing account
> into "domain\user" group all was good.
>
> My question is: Why is this set this way by default
> obviously? What would be the recommendation for security
> maintenance of ASP.DLL? Do I just give "domain users" read
> and read & execute or .
>
> Thanks
>
| |
| Rod Tesanovic 2004-03-31, 12:41 pm |
| All seem to be OK except that my built-in domain local
group USERS was not inhabited by "domain users". Thanks a
lot for a useful link.
>-----Original Message-----
>You might want to try this kb.
>INFO: Default Permissions and User Rights for IIS 6.0
>http://support.microsoft.com/?id=812614
>
>I setup CA /certsrv before, I do not have any problem
with it,
>by default, /certsrv allow anonymous acces.
>
>
>--
>Regards,
>Bernard Cheah
>http://support.microsoft.com/
>http://www.msmvps.com/bernard/
>
>
>"Rod Tesanovic" <anonymous@discussions.microsoft.com>
wrote in message
> news:15ac501c4167e$a9be2e00$a301280a@phx
.gbl...
ASP.DLL[color=darkred]
access,[color=darkred]
read[color=darkred]
>
>
>.
>
|
|
|
|
|