Microsoft KB Archive/313083

= HOW TO: Use the Permissions Wizard in Internet Information Services =

Article ID: 313083

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Small Business Server 2000 Standard Edition

-



This article was previously published under Q313083



IN THIS TASK
SUMMARY
 * To Use the Permissions Wizard to Inherit Settings
 * To Use the Permissions Wizard to Apply a Security Template
 * Troubleshooting



SUMMARY
This article describes how to use the Permissions Wizard to set up basic Internet Information Services (IIS) 5.0 security for a Web site.

With the Permissions Wizard, you can easily establish and maintain security settings in IIS 5.0. The Permissions Wizard guides you through the following tasks
 * How to set up permissions on an IIS Web site.
 * How to set up authenticated access on an IIS Web site.

that make it easier for you to set up and to manage a Web site that requires authenticated access to its content.

To set up Web permissions, File Transfer Protocol (FTP) permissions, NTFS file system access permissions, and authentication schemes, the Permissions Wizard uses a scenario-based approach: Instead of setting each area with a separate user interface, you select the scenario that corresponds to the requirements of your site and the wizard sets all of the access permissions and authentication schemes for you. One of the advantages of the scenario-based approach is that the wizard ensures that the Web (or FTP) permissions and the NTFS permissions are properly coordinated and that the correct authentication scheme is used. You can set additional access permissions for Web users in the IIS snap-in.

back to the top

To Use the Permissions Wizard to Inherit Settings
NOTE: If you run the Permissions Wizard for a Web site and you choose to inherit all security settings, customers may be denied access to the Web site. To correct this behavior, in the Home Directory property sheet for the Web site, select the Read and Scripts only permissions. When you are prompted, have all virtual directories and files inherit these settings.
 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager. You can also open the custom Microsoft Management Console (MMC) that contains the IIS snap-in.
 * 2) Click the Web site or directory for which you want to set permissions.
 * 3) On the Action menu, point to All Tasks, click Permissions Wizard, and then click Next.
 * 4) In the Security Settings dialog box, click Inherit all security settings. When you choose this option, inherited security settings are applied to the Web site or directory from its parent. Click Next.
 * 5) In the Windows Directory and File Permissions dialog box, click one of the following options, and then click Next:
 * 6) * Click Replace all directory and file permissions to replace the existing permissions with new permissions that you select in the Permissions Wizard.
 * 7) * Click Leave current directory and file permissions intact, and add the recommended permissions to keep the existing permissions intact and to add the new permissions options that you select in the Permissions Wizard.
 * 8) * Click Keep the current directory and file permissions to keep the existing permissions intact. This option does not make any changes to the NTFS folder or file permissions.
 * 9) In the Security Summary dialog box, review your security settings, click Next, and then click Finish.

The Permissions Wizard automatically sets the security levels that are listed in the Security Summary dialog box.

back to the top

To Use the Permissions Wizard to Apply a Security Template

 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager. You can also open the custom MMC that contains the IIS snap-in.
 * 2) Click the Web site or directory for which you want to set permissions.
 * 3) On the Action menu, point to All Tasks, click Permissions Wizard, and then click Next.
 * 4) In the Security Settings dialog box, click Select new security settings from a template, and then click Next.
 * 5) In the Site Scenario dialog box, select one of the following two templates for configuring security:
 * 6) * Public Web Site:
 * 7) ** This template is the most common configuration in which the information on the site is intended for public consumption over the Internet.
 * 8) ** This template applies security settings that are cross-browser compatible and that provide access to the site regardless of whether or not the user has a Windows 2000 account for the network that is being accessed.
 * 9) ** This template uses Anonymous authentication with which users can view all files and access Active Server Pages (ASP) applications on your Web server.
 * 10) ** With this template, administrators have complete control over the site.
 * 11) * Secure Web Site:
 * 12) ** You can use this configuration for corporate extranets, which are intranets that are accessed over the Internet.
 * 13) ** Information on the site is intended for restricted consumption.
 * 14) ** This template uses Basic authentication, Digest authentication, or Integrated Windows authentication.
 * 15) ** With this template, only authorized users can view all files and access ASP applications on your Web server.
 * 16) ** With this template, administrators have complete control over the site.
 * 17) ** This template applies security settings that only users with Windows 2000 user accounts can access.
 * 18) Click Next.
 * 19) In the Windows Directory and File Permissions dialog box, click one of the following options, and then click Next:
 * 20) * Click Replace all directory and file permissions to replace the existing permissions with new permissions that you select in the Permissions Wizard.
 * 21) * Click Leave current directory and file permissions intact, and add the recommended permissions to keep the existing permissions intact, and to add the new permissions options that you select in the Permissions Wizard.
 * 22) * Click Keep the current directory and file permissions to keep the existing permissions intact. This option does not make any changes to the NTFS folder or file permissions.
 * 23) In the Security Summary dialog box, review your security settings, click Next, and then click Finish.

The Permissions Wizard automatically sets the security levels that are listed in the Security Summary dialog box.

back to the top

To Reset Inherited Permissions to the Parent Directory or the Web Site
You can use the Permissions Wizard to reset the permissions for a virtual directory or Web site to inherit permissions from its parent:
 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager. You can also open the custom MMC that contains the IIS snap-in.
 * 2) Click the Web site or the directory for which you want to set permissions.
 * 3) On the Action menu, point to All Tasks, click Permissions Wizard, and then click Next.
 * 4) Click Inherit all security settings to inherit security settings from the parent Web site or directory, and then click Next.
 * 5) Select the file permissions that you want, and then click Next.
 * 6) Click Next, and then click Finish.

NOTE: If you run the Permissions Wizard for a Web site and you choose to inherit all security settings, customers may be denied access to the Web site. To correct this behavior, open the Home Directory property sheet for the Web site, and then select the Read and Scripts only permissions. When you are prompted, have all virtual directories and files inherit these settings.

back to the top

Keywords: kbhowto kbhowtomaster KB313083

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.