| 74 |
| Remove anonymous access from IIS and folders to improve security |
| If you set up Windows 2000 Professional systems to host a Web site with IIS, consider removing |
| anonymous access in IIS to provide better security--particularly if those systems are connected |
| directly to the Internet. Windows 2000 Professional systems don't make good Web servers because |
| of their limitation to a maximum of 10 concurrent users. For that reason, Windows 2000 |
| Professional systems are most useful in small workgroups, where anonymous access isn't really |
| In situations where you do need to provide access to a Windows 2000 Professional system's folders |
| for anonymous use, remove anonymous access from the computer itself. Then, add a virtual |
| directory on a Web site hosted by a Windows 2000 Server and point the virtual directory to the |
| folder on the Windows 2000 Professional system that contains the data you need to share. When |
| you create the virtual directory, you can specify the account credentials on the Windows 2000 |
| Professional machine that the IIS server will use to retrieve the data. The result is that the data is |
| anonymously available but not directly from the Windows 2000 Professional machine. |
| To remove anonymous access from IIS, open the IIS console on the Windows 2000 Professional |
| computer. Right-click the default Web site and choose Properties. Click the Directory Security tab |
| and then click Edit in the Anonymous Access And Authentication Control group. Clear the |
| Anonymous Access option and click OK. Click OK to close the site's property sheet. |
| You should also consider changing the default permissions on the computer's Inetpub folder, as |
| well. By default, the Everyone group has Full Control of the folder and child folders. Think about |
| creating a security group and giving only that security group access to the folder (along with the |
| system and administrators). Users of that security group will still be able to access the Web site |
| hosted by the computer by providing a user account that belongs to the group. |
First Previous Next Last |