Managed Web Hosting::Directory and Web Security

This section describes security settings for specified directory paths within the CreateCustomerWebSite directory structure.

Customers Root Path

Security settings for the c:\websites\northwindtraders\ directory are as follows:

<ace>
		<!--<permission>FILE_ALL_ACCESS</permission>-->
		<permission>2032639</permission>
		<mode>GRANT_ACCESS</mode>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<trusteeType>TRUSTEE_IS_WELL_KNOWN_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_NAME</trusteeForm>
		<trustee>Administrators</trustee>
</ace>
<ace>
		<!--<permission>FILE_ALL_ACCESS</permission>-->
		<permission>2032639</permission>
		<mode>GRANT_ACCESS</mode>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<trusteeType>TRUSTEE_IS_WELL_KNOWN_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_NAME</trusteeForm>
		<trustee>System</trustee>
</ace>
<ace user="admins">
		<permission>FILE_GENERIC_READ</permission>
		<permission>FILE_GENERIC_WRITE</permission>
		<permission>FILE_GENERIC_EXECUTE</permission>
		<permission>FILE_LIST_DIRECTORY</permission>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<mode>GRANT_ACCESS</mode>
		<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
		<trustee>
		[Domain]\Admins@[OrgName]
		</trustee>
</ace>
<ace user="anon">
		<permission>FILE_LIST_DIRECTORY</permission>
		<permission>FILE_READ_EA</permission>
		<permission>FILE_READ_ATTRIBUTES</permission>
		<permission>READ_CONTROL</permission>
		<permission>FILE_TRAVERSE</permission>
		<inheritance>SUB_CONTAINERS_ONLY_INHERIT</inheritance>
		<mode>GRANT_ACCESS</mode>
		<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
		<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
		<trustee>
		[Domain]\AllUsers@[OrgName]
		</trustee>
</ace>
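
The following is an added example, not part of the original documentation or the provisioning code it describes. It turns the ACE entries above into access masks, decodes the numeric 2032639 value into named rights, and reports which trustees can modify content. The `<acl>` wrapper element, the abridged sample (only the permission and trustee elements are kept) and the function names are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Single-bit access rights for files and directories (values from winnt.h).
RIGHTS = {
    "FILE_LIST_DIRECTORY": 0x0001, "FILE_ADD_FILE": 0x0002,
    "FILE_ADD_SUBDIRECTORY": 0x0004, "FILE_READ_EA": 0x0008,
    "FILE_WRITE_EA": 0x0010, "FILE_TRAVERSE": 0x0020,
    "FILE_DELETE_CHILD": 0x0040, "FILE_READ_ATTRIBUTES": 0x0080,
    "FILE_WRITE_ATTRIBUTES": 0x0100, "DELETE": 0x00010000,
    "READ_CONTROL": 0x00020000, "WRITE_DAC": 0x00040000,
    "WRITE_OWNER": 0x00080000, "SYNCHRONIZE": 0x00100000,
    "GENERIC_READ": 0x80000000,
}
# Composite rights used on the page, expanded to their bit values.
COMPOSITE = {"FILE_GENERIC_READ": 0x120089, "FILE_GENERIC_WRITE": 0x120116,
             "FILE_GENERIC_EXECUTE": 0x1200A0}
# Bits that allow changing content, attributes, ownership or the ACL.
MODIFY = 0x0002 | 0x0004 | 0x0010 | 0x0040 | 0x0100 | 0x10000 | 0x40000 | 0x80000

# Constructed sample: two root-path ACEs, abridged, inside an assumed <acl> wrapper.
SAMPLE = """<acl>
<ace><permission>2032639</permission><trustee>Administrators</trustee></ace>
<ace user="anon">
  <permission>FILE_LIST_DIRECTORY</permission><permission>FILE_READ_EA</permission>
  <permission>FILE_READ_ATTRIBUTES</permission><permission>READ_CONTROL</permission>
  <permission>FILE_TRAVERSE</permission>
  <trustee>[Domain]\\AllUsers@[OrgName]</trustee></ace>
</acl>"""

def ace_mask(ace):
    """OR together every <permission> of one <ace>, numeric or symbolic."""
    mask = 0
    for p in ace.findall("permission"):
        text = p.text.strip()
        mask |= int(text) if text.isdigit() else {**RIGHTS, **COMPOSITE}[text]
    return mask

def decode(mask):
    """Return (named single-bit rights set in mask, bits left unnamed)."""
    names = [n for n, bit in RIGHTS.items() if mask & bit]
    return names, mask & ~sum(RIGHTS[n] for n in names)

def audit(xml_text):
    """Map each trustee to (mask, can_modify) for the ACEs in the fragment."""
    out = {}
    for ace in ET.fromstring(xml_text).findall("ace"):
        m = ace_mask(ace)
        out[ace.findtext("trustee").strip()] = (m, bool(m & MODIFY))
    return out
```

For the sample, the anonymous-user ACE resolves to 0x200A9 with no modify bits set. decode(2032639) leaves bit 0x200 unnamed: the value is 0x1F03FF, one bit more than the 0x1F01FF that current winnt.h defines for FILE_ALL_ACCESS.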

Customers Web Root Path

Security settings for the \websites\northwindtraders\www.northwind.com root path are as follows:

<ace>
		<!--<permission>FILE_ALL_ACCESS</permission>-->
		<permission>2032639</permission>
		<mode>GRANT_ACCESS</mode>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<trusteeType>TRUSTEE_IS_WELL_KNOWN_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_NAME</trusteeForm>
		<trustee>Administrators</trustee>
</ace>
<ace>
		<!--<permission>FILE_ALL_ACCESS</permission>-->
		<permission>2032639</permission>
		<mode>GRANT_ACCESS</mode>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<trusteeType>TRUSTEE_IS_WELL_KNOWN_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_NAME</trusteeForm>
		<trustee>System</trustee>
</ace>
<ace user="admins">
		<permission>FILE_GENERIC_READ</permission>
		<permission>FILE_GENERIC_WRITE</permission>
		<permission>FILE_GENERIC_EXECUTE</permission>
		<permission>FILE_LIST_DIRECTORY</permission>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<mode>GRANT_ACCESS</mode>
		<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
		<trustee>
		[Domain]\Admins@[OrgName]
		</trustee>
</ace>
<ace user="anon">
		<permission>FILE_LIST_DIRECTORY</permission>
		<permission>FILE_READ_EA</permission>
		<permission>FILE_READ_ATTRIBUTES</permission>
		<permission>READ_CONTROL</permission>
		<permission>FILE_TRAVERSE</permission>
		<inheritance>SUB_CONTAINERS_ONLY_INHERIT</inheritance>
		<mode>GRANT_ACCESS</mode>
		<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
		<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
		<trustee>
		[Domain]\AllUsers@[OrgName]
		</trustee>
</ace>

Customers Web Directory

Security settings for the \websites\northwindtraders\www.northwind.com\web directory are as follows:

<ace>
		<!--<permission>FILE_ALL_ACCESS</permission>-->
		<permission>2032639</permission>
		<mode>GRANT_ACCESS</mode>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<trusteeType>TRUSTEE_IS_WELL_KNOWN_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_NAME</trusteeForm>
		<trustee>Administrators</trustee>
</ace>
<ace>
		<!--<permission>FILE_ALL_ACCESS</permission>-->
		<permission>2032639</permission>
		<mode>GRANT_ACCESS</mode>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<trusteeType>TRUSTEE_IS_WELL_KNOWN_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_NAME</trusteeForm>
		<trustee>System</trustee>
</ace>
<ace user="admins">
		<permission>FILE_GENERIC_READ</permission>
		<permission>FILE_GENERIC_WRITE</permission>
		<permission>FILE_GENERIC_EXECUTE</permission>
		<permission>FILE_LIST_DIRECTORY</permission>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<mode>GRANT_ACCESS</mode>
		<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
		<trustee>
		[Domain]\Admins@[OrgName]
		</trustee>
</ace>
<ace user="anon">
		<permission>FILE_LIST_DIRECTORY</permission>
		<permission>FILE_READ_EA</permission>
		<permission>FILE_READ_ATTRIBUTES</permission>
		<permission>READ_CONTROL</permission>
		<permission>FILE_TRAVERSE</permission>
		<inheritance>SUB_CONTAINERS_ONLY_INHERIT</inheritance>
		<mode>GRANT_ACCESS</mode>
		<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
		<trustee>
		[Domain]\AllUsers@[OrgName]
		</trustee>
</ace>

Customers Content Directory

Security settings for the \websites\northwindtraders\www.northwind.com\web\content directory are as follows:

<ace>
		<!--<permission>FILE_ALL_ACCESS</permission>-->
		<permission>2032639</permission>
		<mode>GRANT_ACCESS</mode>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<trusteeType>TRUSTEE_IS_WELL_KNOWN_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_NAME</trusteeForm>
		<trustee>Administrators</trustee>
</ace>
<ace>
		<!--<permission>FILE_ALL_ACCESS</permission>-->
		<permission>2032639</permission>
		<mode>GRANT_ACCESS</mode>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<trusteeType>TRUSTEE_IS_WELL_KNOWN_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_NAME</trusteeForm>
		<trustee>System</trustee>
</ace>
<ace user="admins">
		<permission>FILE_GENERIC_READ</permission>
		<permission>FILE_GENERIC_WRITE</permission>
		<permission>FILE_GENERIC_EXECUTE</permission>
		<permission>FILE_LIST_DIRECTORY</permission>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<mode>GRANT_ACCESS</mode>
		<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
		<trustee>
		[Domain]\Admins@[OrgName]
		</trustee>
</ace>
<ace user="anon">
		<permission>FILE_LIST_DIRECTORY</permission>
		<permission>FILE_READ_EA</permission>
		<permission>FILE_READ_ATTRIBUTES</permission>
		<permission>READ_CONTROL</permission>
		<permission>FILE_TRAVERSE</permission>
		<inheritance>SUB_CONTAINERS_ONLY_INHERIT</inheritance>
		<mode>GRANT_ACCESS</mode>
		<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
		<trustee>
		[Domain]\AllUsers@[OrgName]
		</trustee>
</ace>
<ace>
		<permission>GENERIC_READ</permission>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<mode>GRANT_ACCESS</mode>
		<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
		<trustee>
		[Domain]\AllUsers@[OrgName]
		</trustee>
</ace>
<ace>
		<permission>FILE_GENERIC_WRITE</permission>
		<permission>FILE_GENERIC_READ</permission>
		<permission>FILE_GENERIC_EXECUTE</permission>
		<permission>FILE_LIST_DIRECTORY</permission>
		<permission>DELETE</permission>
		<inheritance>INHERIT_ONLY</inheritance>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<mode>GRANT_ACCESS</mode>
		<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
		<trustee>
		[Domain]\Admins@[OrgName]
		</trustee>
</ace>

Customers Log Directory

Security settings for the \websites\northwindtraders\www.northwind.com\logfiles directory are as follows:

<ace>
		<!--<permission>FILE_ALL_ACCESS</permission>-->
		<permission>2032639</permission>
		<mode>GRANT_ACCESS</mode>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<trusteeType>TRUSTEE_IS_WELL_KNOWN_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_NAME</trusteeForm>
		<trustee>Administrators</trustee>
</ace>
<ace>
		<!--<permission>FILE_ALL_ACCESS</permission>-->
		<permission>2032639</permission>
		<mode>GRANT_ACCESS</mode>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<trusteeType>TRUSTEE_IS_WELL_KNOWN_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_NAME</trusteeForm>
		<trustee>System</trustee>
</ace>
<ace user="admins">
		<permission>FILE_GENERIC_READ</permission>
		<permission>FILE_GENERIC_WRITE</permission>
		<permission>FILE_GENERIC_EXECUTE</permission>
		<permission>FILE_LIST_DIRECTORY</permission>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<mode>GRANT_ACCESS</mode>
		<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
		<trustee>
		[Domain]\Admins@[OrgName]
		</trustee>
</ace>
<ace user="anon">
		<permission>FILE_LIST_DIRECTORY</permission>
		<permission>FILE_READ_EA</permission>
		<permission>FILE_READ_ATTRIBUTES</permission>
		<permission>READ_CONTROL</permission>
		<permission>FILE_TRAVERSE</permission>
		<inheritance>SUB_CONTAINERS_ONLY_INHERIT</inheritance>
		<mode>GRANT_ACCESS</mode>
		<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
		<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
		<trustee>
		[Domain]\AllUsers@[OrgName]
		</trustee>
</ace>

Customers Log Web Service Directory

Security settings for the c:\websites\northwindtraders\www.northwind.com\logfiles\W3SVC456398 directory are as follows:

<ace>
		<!--<permission>FILE_ALL_ACCESS</permission>-->
		<permission>2032639</permission>
		<mode>GRANT_ACCESS</mode>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<trusteeType>TRUSTEE_IS_WELL_KNOWN_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_NAME</trusteeForm>
		<trustee>Administrators</trustee>
</ace>
<ace>
		<!--<permission>FILE_ALL_ACCESS</permission>-->
		<permission>2032639</permission>
		<mode>GRANT_ACCESS</mode>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<trusteeType>TRUSTEE_IS_WELL_KNOWN_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_NAME</trusteeForm>
		<trustee>System</trustee>
</ace>
<ace user="admins">
		<permission>FILE_GENERIC_READ</permission>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<mode>GRANT_ACCESS</mode>
		<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
		<trustee>
		[Domain]\Admins@[OrgName]
		</trustee>
</ace>

Additional Security Settings

If <allowChangeToLogFiles> = 1, the following additional Access Control Entries (ACEs) are set:

<ace user="admins">
		<permission>DELETE</permission>
		<inheritance>INHERIT_ONLY</inheritance>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<mode>GRANT_ACCESS</mode>
		<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
		<trustee>
		[Domain]\Admins@[OrgName]
		</trustee>
</ace>
<ace user="admins">
		<permission>FILE_GENERIC_WRITE</permission>
		<permission>FILE_LIST_DIRECTORY</permission>
		<inheritance>SUB_CONTAINERS_AND_OBJECTS_INHERIT</inheritance>
		<mode>GRANT_ACCESS</mode>
		<trusteeType>TRUSTEE_IS_GROUP</trusteeType>
		<trusteeForm>TRUSTEE_IS_SID</trusteeForm>
		<trustee>
		[Domain]\Admins@[OrgName]
		</trustee>
</ace>

Data Persistence

A container and leaf structure is created in the Customer organizational unit (OU) private directory to maintain data about the Web site for easy lookup without requiring the IIS metabase path, as shown in the following example:

CN=Services
	CN=WebSites
		CN=www.northwind.com (displayName=IIS://WEB01/W3SVC/344532)
			CN=webShareRoot (displayName=\\WEB01\websites$\Northwind\NorthwindWeb)
