4.3.2 Controlling Access
After authenticating users, you can control their access to resources on your server. IIS 6.0 uses two
layers of access control: General Access permissions and NTFS permissions. General Access permissions
apply to all HTTP clients and define access to server resources. They can be set at the
Web site, directory, and file levels. NTFS permissions define what level of access individual user accounts
have to folders and files on the server.
TABLE 4.2: General Access Permissions
Permission              Description
Read                    Allows users to gain access to static files, such as .html, .htm
                        or .txt files, by using a Web browser or Web folder. Disabling
                        Read permissions prevents anyone from viewing your Web
                        site’s .html files.
Write                   Allows users to change the content of static files on a Web site.
Directory Browsing      Displays a list of files and subfolders in the home directory if a
                        default web page is not defined or is absent.
Script Source Access    Is available only if either the Read or Write permissions are
                        enabled. This allows a user to read the source code if Read
                        permissions are enabled, and allows a user to write to the source
                        code if Write permissions are enabled.
Note: Read and Write permissions only affect static files such as .html, .htm
and .txt files. They do not affect scripts or executable files.
You can also set Execute permissions on a per-Web site and per-directory basis.
TABLE 4.3: Execute Permissions
Permission              Description
None                    Does not allow any programs or scripts to run in the specified
                        Web site or directory.
Scripts Only            Allows applications that are mapped to a script engine to run in
                        the specified directory without having the Execute permission
                        set. This permission is more secure than the Scripts and
Scripts and Executables Allows applications, including applications that are mapped to
                        script engines, Windows binary files, and .dll and .exe files, to
                        run in the specified directory. When this option is enabled, a user
                        who has Write access can upload and run potentially harmful
                        programs on the server.
Note: If your IIS installation and directories are consolidated on NTFS
volumes, you can also use NTFS permissions in Windows Server 2003 to
secure your Web server.
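
The following Python audit is an added example, not part of the original text: it flags directories whose settings combine the permissions Tables 4.2 and 4.3 describe as risky (Write with Scripts and Executables, Write with Script Source Access, and Directory Browsing). It assumes the symbolic AccessFlags and DirBrowseFlags names of the IIS 6.0 metabase; the XML sample is constructed and simplified, and inherited values are not resolved.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the style of an IIS 6.0 MetaBase.xml (simplified, no namespace).
SAMPLE = """<MBProperty>
  <IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT" AccessFlags="AccessRead | AccessScript"/>
  <IIsWebDirectory Location="/LM/W3SVC/1/ROOT/uploads"
      AccessFlags="AccessRead | AccessWrite | AccessExecute | AccessScript"/>
  <IIsWebDirectory Location="/LM/W3SVC/1/ROOT/docs" AccessFlags="AccessRead"
      DirBrowseFlags="EnableDirBrowsing | DirBrowseShowDate"/>
  <IIsWebDirectory Location="/LM/W3SVC/1/ROOT/dav"
      AccessFlags="AccessRead | AccessWrite | AccessSource"/>
</MBProperty>"""

def flags(node, attr):
    """Split an 'A | B | C' metabase flag string into a set of names."""
    return {f.strip() for f in node.get(attr, "").split("|") if f.strip()}

def execute_level(access):
    """Map AccessFlags to the Execute permission names of Table 4.3."""
    if "AccessExecute" in access:
        return "Scripts and Executables"
    if "AccessScript" in access:
        return "Scripts Only"
    return "None"

def audit(xml_text):
    """Return (location, finding) pairs for the risky combinations described in the text.
    Assumption: only explicitly set flags are checked; inherited values are not resolved."""
    findings = []
    for node in ET.fromstring(xml_text).iter():
        loc = node.get("Location")
        if loc is None:
            continue
        access = flags(node, "AccessFlags")
        if "AccessWrite" in access and execute_level(access) == "Scripts and Executables":
            findings.append((loc, "Write + Scripts and Executables"))
        if {"AccessWrite", "AccessSource"} <= access:
            findings.append((loc, "Write + Script Source Access"))
        if "EnableDirBrowsing" in flags(node, "DirBrowseFlags"):
            findings.append((loc, "Directory Browsing enabled"))
    return findings

if __name__ == "__main__":
    for loc, finding in audit(SAMPLE):
        print(f"{loc}: {finding}")
```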