SecureDirectoriesIIS

Here's a quick howto for securing certain directories on IIS. I'm doing this example and screenshots from Windows XP, but it should work the same on a Windows 2000 machine. First of all, I have c:\Inetpub\wwwroot as my Home Directory:

Create a test directory to secure, or select an existing directory. For the purposes of this demonstration, I created an "admin" directory under c:\Inetpub\wwwroot:

Create an index.html file in the admin directory with the following contents:

<html>
  <head>
    <title>Login Success</title>
  </head>
	
<body>
Congrats - you made it!
</body>

</html>

Now we need to configure IIS to protect the "admin" folder from just anyone.

• Open the IIS Admin Console (Start -> Programs -> Administrative Tools -> Internet Information Services)
• Navigate to COMPUTER_NAME -> Web Sites -> Default Web Site
• Right-click -> Properties for the "admin" folder
• Select the Directory Security tab and click the "Edit" button to change Anonymous access and authentication control
• Uncheck Anonymous access, check Basic authentication (selecting the default domain) and leave Integrated Windows authentication checked
• Stop and restart Default Web Site

Integrated Windows authentication will allow users to auto-login if they're using IE and logged into the domain. Basically, this setup will allow only domain users to view the "admin" folder.