Raible's Wiki: SecureDirectoriesIIS

At line 1 removed 1 line.

Here's a quick howto for securing certain directories on IIS. I'm doing this example and screenshots from Windows XP, but it should work the same on a Windows 2000 machine. First of all, I have c:\Inetpub\wwwroot as my Home Directory:

At line 3 removed 30 lines.

[http://raibledesigns.com/repository/images/iis-homedir.png]

Create a test directory to secure, or select an existing directory. For the purposes of this demonstration, I created an "admin" directory under c:\Inetpub\wwwroot:

[http://raibledesigns.com/repository/images/iis-newadmindir.png]

Create an __index.html__ file in the admin directory with the following contents:

{{{

<html>

<head>

<title>Login Success</title>

</head>

<body>

Congrats - you made it!

</body>

</html>}}}

Now we need to configure IIS to protect the "admin" folder from just anyone.

* Open the IIS Admin Console (Start -> Programs -> Administrative Tools -> Internet Information Services)

* Navigate to COMPUTER_NAME -> Web Sites -> Default Web Site

* Right-click -> Properties for the "admin" folder

* Select the Directory Security tab and click the "Edit" button to change __Anonymous access and authentication control__

* Uncheck ''Anonymous access'', check ''Basic authentication'' (selecting the default domain) and leave ''Integrated Windows authentication'' checked

* Stop and restart Default Web Site

''Integrated Windows authentication'' will allow users to auto-login if they're using IE and logged into the domain. Basically, this setup will allow only domain users to view the "admin" folder.

Raible's Wiki

AppFuse

Other Applications

SecureDirectoriesIIS