[thelist] IIS 5.1 setup

Ken Schaefer ken.schaefer at gmail.com
Sun Sep 5 03:06:26 CDT 2004


Hi,

Looks good to me.

Just ensure that "some_other_user" doesn't have an easy-to-guess password.

Additionally, Remote Desktop can be used for simple administrative
operations (including moving files around) if you have a decent
connection. RDP is an encrypted protocol, so your credentials are
passed encrypted across the wire, as opposed to FTP. Or the other
option would be WebDAV over HTTPS.

In any case, the chances of someone sniffing your FTP
username/password are probably fairly low.

Cheers
Ken


On Fri, 3 Sep 2004 16:03:26 +0100, Oguz Solok <oz at solokweb.co.uk> wrote:
> Hello everybody
> 
> I am planning to run a personal web site on a broadband connection at
> home.
> I would also like to be able to make changes to the site while I am away
> from home.
> 
> I am running XP Pro. I installed IIS 5.1 with default settings. After
> this I
> ran ISS lockdown tool. I also cleared all files and folders installed by
> default in wwwroot folder under Inetpub folder. So there are only empty
> wwwroot and ftp root folders under Inetpub
> 
> The eventual content of the site is on a disk partition reserved for
> this
> purpose, say (D:\test). I pointed to that location in Home Directory
> property sheets for www and ftp sites.
> 
> Summary of set-up
> 
> Default Web site properties:
> -----------------------------
> Anonymous access (IUSR_machinename)
> Local Path: D:\test
> Permissions: Read, Log visits
> 
> Default FTP site properties:
> ----------------------------
> NOT allowed Anonymous access
> Local Path: D:\test (same as WWW)
> Permission : Read, Write, Log visits
> 
> NTFS file permissions for D:\test:
> ----------------------------------
> IUSR_machinename: Read&Execute, List Folder Contents, Read
> some_other_user: Full Control (this is the only folder this user has any
> rights)
> 
> Everything seems to work fine. When I connect to that machine from
> another
> machine on my network using http://machinename I can see the pages and I
> receive the password prompt when I use ftp://machinename as expected. I
> was
> also able to connect using WS_FTP and manipulate folders from a machine
> outside my network.
> 
> My question is, is this a reliable set-up? This is not a
> mission-critical
> project and purely for my own amusement so I don't need Enterprise level
> high security but of course I would not wish to open a door into my
> computer
> inadvertently or place a node on Internet that could be used
> maliciously.
> 
> Many thanks in advance
> 
> TJB


More information about the thelist mailing list