Windows服务器上IIS网站权限设置

技术问题

Windows服务器上IIS网站权限设置

2024-09-02 10:28


Windows服务器上IIS网站权限设置

                                            




Windows服务器上IIS网站权限:
icacls "d:\cvhost\网站父目录" /grant "匿名用户:(OI)(CI)R" "程序池用户:(OI)(CI)R" /C
icacls "d:\cvhost\网站父目录" /grant "匿名用户:(CI)(X)" "程序池用户:(CI)(X)" /C
icacls "d:\cvhost\网站父目录" /deny "匿名用户:(OI)(CI)(WA,WEA)" "程序池用户:(OI)(CI)(WA,WEA)" /C
icacls "d:\cvhost\网站父目录\wwwroot" /grant "匿名用户:(OI)(CI)W" "程序池用户:(OI)(CI)W" /C
icacls "d:\cvhost\网站父目录\wwwroot" /grant "匿名用户:(OI)(CI)(DE,WDAC)" "程序池用户:(OI)(CI)(DE,WDAC)" /C
icacls "d:\cvhost\网站父目录\wwwroot" /deny "匿名用户:(DE)" "程序池用户:(DE)" /C
icacls "d:\cvhost\网站父目录\database" /grant "匿名用户:(OI)(CI)W" "程序池用户:(OI)(CI)W" /C
icacls "d:\cvhost\网站父目录\database" /grant "匿名用户:(OI)(CI)(DE,WDAC)" "程序池用户:(OI)(CI)(DE,WDAC)" /C
icacls "d:\cvhost\网站父目录\database" /deny "匿名用户:(DE)" "程序池用户:(DE)" /C
说明:有的网站是有专门的程序池用户,如果程序池是默认ApplicationPoolIdentity用户运行,就请将上面的“程序池用户”权限全部删除
         并对"d:\cvhost\网站父目录"加IIS_IUSRS读取:icacls "d:\cvhost\网站父目录" /grant "IIS_IUSRS:(OI)(CI)RC" /C
         请将上面的匿名用户和程序池用户替换为你真实的用户和网站的实际目录
         另外还要加Administrators和SYSTEM“此文件夹和子文件夹和文件”“完全控制”
以上网站的根目录是"d:\cvhost\网站父目录\wwwroot",而"d:\cvhost\网站父目录\database"为网站的数据库目录

下面是网站的完整权限(程序池是默认ApplicationPoolIdentity用户运行):

@echo off
color 1f
title 网站权限设置
echo 下面是删除D盘不需要的权限
icacls d:\ /remove everyone /C
icacls d:\ /remove users /C
icacls d:\ /remove "creator owner" /C
icacls d:\ /remove *S-1-15-2-1 /C
icacls d:\ /remove *S-1-15-2-2 /C
icacls d:\ /remove *S-1-5-11 /C
icacls d:\ /remove *S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 /C
echo 下面对网站目录设置权限"d:\cvhost\web001\wwwroot"为网站的根目录
echo 请将下面网站运行的匿名用户替换为你自己网站的实际匿名用户名
icacls "d:\cvhost\web001" /grant "匿名用户:(OI)(CI)R" /C
icacls "d:\cvhost\web001" /grant "匿名用户:(CI)(X)" /C
icacls "d:\cvhost\web001" /grant "IIS_IUSRS:(OI)(CI)RC" /C
icacls "d:\cvhost\web001" /deny "匿名用户:(OI)(CI)(WA,WEA)" /C
icacls "d:\cvhost\web001\wwwroot" /grant "匿名用户:(OI)(CI)W" /C
icacls "d:\cvhost\web001\wwwroot" /grant "匿名用户:(OI)(CI)(DE,WDAC)" /C
icacls "d:\cvhost\web001\wwwroot" /deny "匿名用户:(DE)" /C
pause>nul

label :
  • Windows服务器上IIS网站权限设置