|Dreamweaver UltraDev is no longer supported, and the Dreamweaver UltraDev support center will no longer be actively updated. The functionality available in Dreamweaver UltraDev is available in Dreamweaver, beginning with Dreamweaver MX. Accordingly, we are moving pertinent content to the Dreamweaver support center. Please refer to the Dreamweaver version of this technote: Setting IIS Web server permissions (TechNote 19067).|
It is important to understand the distinction between Windows IIS Web server permissions and Windows NT/2000 NTFS (NT file system) permissions. Unlike NTFS permissions, web server permissions apply to all users accessing a web site. NTFS permissions apply only to a specific user or group of users with a valid Windows account. NTFS controls access to physical directories on the server, whereas web permissions control access to the virtual directories comprising the web site.
Web access permissions use the Windows account IUSR_computername, where "computername" is the name of the server on which IIS is running. When users access a site using anonymous authentication, they use this account. By default, IUSR_computername is given the "Guest" group's NTFS permissions by IIS for the actual folders that comprise the web site. These permissions can, however, be changed for any folder or file in a site. For example, web server permissions can be used to control whether users visiting a web site are allowed to view a particular page, upload information, or run scripts and executables on the site. NTFS permissions can be applied to prevent ordinary users from accessing private files and directories.
Note: Disabling web server permissions in IIS, such as disabling the Read permission, restricts all users from viewing a file, regardless of the NTFS permissions applied to those users' accounts. Enabling Read permission in IIS will allow all users to view that file, unless NTFS permissions that restrict access have been applied. If both web server and NTFS permission are set, the permissions that explicitly deny access take precedence over permissions that grant access. If web permissions and NTFS permissions differ for a directory or file, the more restrictive settings are used.
- Read (selected by default) Users can view directory or file content and properties. This permission should be enabled for sites created with UltraDev.
- Write Users can change directory or file content and properties. This permission is usually disabled for sites created with UltraDev.
- Script Source Access Users can access source files. If Read is selected, then source can be read, if Write is selected, then source can be written to. Script Source Access includes the source code for scripts, such as the scripts in an ASP application. This option is not available if neither Read nor Write is selected.
- Directory browsing Users can view file lists and collections.
- Log visits A log entry is created for each visit to the Web site.
- Index this resource Allows Indexing Service to index this resource. This allows searches to be performed on the resource.
- None Do not run scripts, such as ASP applications, or executables on the server. ASP pages will not work if this permission is set to None.
- Scripts only Run only scripts, such as ASP applications, on the server. This is the recommended setting for ASP web applications created with UltraDev.
- Scripts and Executables Run both scripts, such as ASP applications, and executables on the server.
For more detailed information about web server permissions, please refer to the IIS Technical Documentation. If IIS is installed, the product documentation can be viewed by typing http://localhost/iisHelp/ in your browser address bar and pressing Enter.
For additional information, please refer to Understanding Anonymous Authentication and the IUSR Account (TechNote 15378) and WWW Authentication Methods (TechNote 15383).
For an excellent source of information on security issues with IIS, visit the Microsoft Security Advisor Web site.