Setting Anonymous 'Write and Execute' Permission to a folder

Hi Ken,

> Are you talking about setting NTFS permissions? Or setting the permissions
> in IIS Manager?
>
> Confusingly, both these permissions Write and Execute, refer to permissions
> that can be set in both NTFS ACLs, and also in IIS Manager.

I'm talking about both permissions.
- IIS permissions set to 'Scripts and Executables' and 'Write'
- NTFS permissions for IUSR_xxxx (Internet Guest Account) set to 'Write'

This configuration allow an executable in a specific directory to run as
well as write to data files (such as txt files) in that directory.

Taking away the NTFS write permission fir IUSR_xxxx will allow the
executable to run but it will no longer be able to write to data files in
that directory.

David provided me with alot of good advise, and in fact, I have discovered
that in IIS, I do not have to have 'Write' access enabled after all!

I can simply enable IIS 'Scripts and Executables' (with no IIS read / IIS
write access), then in NTFS enable the IUSR_xxx to have write access. This
configuration allows an anonymous user to run my executable which can read
and write to data files as well as report data contained in those data files.
I originally thought that I had to have IIS 'Write' and 'Scripts and
Executables' but now I see that IIS 'Write' was not required at all!

Please let me know if it is safe to run in this latest configuration now
that IIS 'Write' is no longer enabled.

Best Regards,

Jeff
 >> Stay informed about: Setting Anonymous 'Write and Execute' Permission to a folder 

On Jan 17, 9:40 am, Jeff Dunlap <JeffDun... DeleteThis @discussions.microsoft.com>
wrote:
> Hi Ken,
>
> > Are you talking about setting NTFS permissions? Or setting the permissions
> > in IIS Manager?
>
> > Confusingly, both these permissions Write and Execute, refer to permissions
> > that can be set in both NTFS ACLs, and also in IIS Manager.
>
> I'm talking about both permissions.
>   - IIS permissions set to 'Scripts and Executables' and 'Write'
>   - NTFS permissions for IUSR_xxxx (Internet Guest Account) set to 'Write'
>
> This configuration allow an executable in a specific directory to run as
> well as write to data files (such as txt files) in that directory.
>
> Taking away the NTFS write permission fir IUSR_xxxx will allow the
> executable to run but it will no longer be able to write to data files in
> that directory.
>
> David provided me with alot of good advise, and in fact, I have discovered
> that in IIS, I do not have to have 'Write' access enabled after all!  
>
> I can simply enable IIS 'Scripts and Executables' (with no IIS read / IIS
> write access), then in NTFS enable the IUSR_xxx to have write access.  This
> configuration allows an anonymous user to run my executable which can read
> and write to data files as well as report data contained in those data files.
>  I originally thought that I had to have IIS 'Write' and 'Scripts and
> Executables' but now I see that IIS 'Write' was not required at all!
>
> Please let me know if it is safe to run in this latest configuration now
> that IIS 'Write' is no longer enabled.
>
> Best Regards,
>
> Jeff


Yes, I was going to point you in the same direction that you just
took. It is more secure.

Here is explanation for your confusion:
http://blogs.msdn.com/david.wang/archive/2005/08/20/Why-can-I-upload-a...le-with


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
 >> Stay informed about: Setting Anonymous 'Write and Execute' Permission to a folder