|
Home > Archive > IIS Server Security > November 2006 > Disable serverobject
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Disable serverobject
|
|
|
| Hi,
Some of my users are using this function :
set fso=server.createobject("scripting.filesystemobject")
but I've seen that it can read directly in any file, so I just want to
disable the library scripting in IIS but I don't know how.
Thx
| |
| Daniel Crichton 2006-11-13, 8:59 am |
| HEGMS wrote on Wed, 8 Nov 2006 08:19:01 -0800:
> Hi,
>
> Some of my users are using this function :
>
> set fso=server.createobject("scripting.filesystemobject")
>
> but I've seen that it can read directly in any file, so I just want to
> disable the library scripting in IIS but I don't know how.
> Thx
It can only read any file that the user account IIS is running under has
permission to read. Just remove execute permissions to the scripting runtime
DLL (normally c:\windows\system32\scrrun.dll) for the IIS anonymous user
account, or stop giving full access to the anonymous account to all your
files.
Dan
|
|
|
|
|