Your location:Tech News>OS>Windows Sever>FSO's solution in Win2000 server

Latest News

FSO's solution in Win2000 server

Author:fsadmin

Views:

When ASP is executed it accesses the hard disk as 'IUSR_machine name'. This user is not given here With account permissions ASP cannot read and write files on the hard disk.

Solution: Open Explorer on the server right-click the directory where the asp file is located or hard disk partition select 'Properties' select 'Security' \u0026rdquo; tab you can now see which accounts can access this directory partition (volume) and access permissions. After the default installation it appears that 'Everyone' has full control permissions. Click \u0026ldquo;Add\u0026rdquo; to give \u0026ldquo;IUSR_machine name\u0026rdquo; to \u0026ldquo;full control\u0026rdquo; or corresponding permissions.

This has certain security risks because the permission to read and write files can be obtained through fso which is easy to be used by hackers. Here is one method.

We know that in addition to the CreateObject method you can also use general annotations to create a component. We can use HTML in ASP.

Runat means it is executed on the server side and Scope means the life cycle of the component. You can choose Session Application or page (it means the current page or the default)

We can also disable the component by modifying the value of Clsid such as changing the value of HKEY_CLASSES_ROOT\\Scripting.FileSystemObject\\CLSID in the registry 0D43FE01-F093-11CF-8940-00A0C9054228 to 0D43FE01-F093-11CF- 8940-00A0C9054229 (change the last one) this time the wording is:

CF-8940-00A0C9054229\u0026quot;\u0026gt;

Look at the running result no problem OK. At this time we use CF-8940-00A0C9054228\u0026quot;\u0026gt; and an error occurs.

Create a new user: iusr_domain

Set the anonymous user IUSR_DOMAIN of the corresponding site in IIS

CACLS: Set directory permissions

This way FSO is available but it will not affect others

Prevention:

Limit users to use FileSystemObject objects. An extreme approach is to completely unregister the component that provides the FileSystemObject object that is Scrrun.dll. The specific method is as follows:

Type in the MS-DOS status:

Regsvr32 /uc:\\ windows\\system\\scrrun.dll

(Note: In actual operation you must change to your local actual path)

?What process is fsscrctl.exe? What is the function of fsscrctl process query?

Recommend article

Relate article