Permissions on ASP.DLL in .\system32\inetsrv folder

Web Server Talk > Web Servers reviews > IIS server support > IIS Server Security > Permissions on ASP.DLL in .\system32\inetsrv folder

Last Thread Next Thread Next

Permissions on ASP.DLL in .\system32\inetsrv folder

Rod Tesanovic

03-30-04 06:41 PM

Hi,

I faced quite a challenge after setting up CA server on
domain controller on freshly installed Windows 2003
Server. Anyone except domain administrators could not
access .\certsrv WEB page. After tremendous time of
checking possible and impossible I finally got to ASP.DLL
where "domain\user" group was the one to have read access,
but there was no groups like Everyone or "domain\domain
users". As soon as I put my testing account
into "domain\user" group all was good.

My question is: Why is this set this way by default
obviously? What would be the recommendation for security
maintenance of ASP.DLL? Do I just give "domain users" read
and read & execute or .

Thanks

[ Post a follow-up to this message ]

Re: Permissions on ASP.DLL in .\system32\inetsrv folder

Bernard

03-31-04 07:36 AM

You might want to try this kb.
INFO: Default Permissions and User Rights for IIS 6.0
http://support.microsoft.com/?id=812614

I setup CA /certsrv before, I do not have any problem with it,
by default, /certsrv allow anonymous acces.


--
Regards,
Bernard Cheah
http://support.microsoft.com/
http://www.msmvps.com/bernard/


"Rod Tesanovic" <anonymous@discussions.microsoft.com> wrote in message
 news:15ac501c4167e$a9be2e00$a301280a@phx
.gbl...
> Hi,
>
> I faced quite a challenge after setting up CA server on
> domain controller on freshly installed Windows 2003
> Server. Anyone except domain administrators could not
> access .\certsrv WEB page. After tremendous time of
> checking possible and impossible I finally got to ASP.DLL
> where "domain\user" group was the one to have read access,
> but there was no groups like Everyone or "domain\domain
> users". As soon as I put my testing account
> into "domain\user" group all was good.
>
> My question is: Why is this set this way by default
> obviously? What would be the recommendation for security
> maintenance of ASP.DLL? Do I just give "domain users" read
> and read & execute or .
>
> Thanks
>

[ Post a follow-up to this message ]

Re: Permissions on ASP.DLL in .\system32\inetsrv folder

Rod Tesanovic

03-31-04 05:41 PM

All seem to be OK except that my built-in domain local
group USERS was not inhabited by "domain users". Thanks a
lot for a useful link.

>-----Original Message-----
>You might want to try this kb.
>INFO: Default Permissions and User Rights for IIS 6.0
>http://support.microsoft.com/?id=812614
>
>I setup CA /certsrv before, I do not have any problem
with it,
>by default, /certsrv allow anonymous acces.
>
>
>--
>Regards,
>Bernard Cheah
>http://support.microsoft.com/
>http://www.msmvps.com/bernard/
>
>
>"Rod Tesanovic" <anonymous@discussions.microsoft.com>
wrote in message
> news:15ac501c4167e$a9be2e00$a301280a@phx
.gbl... 
ASP.DLL 
access, 
read 
>
>
>.
>

[ Post a follow-up to this message ]