IIS Directory Script

Discussion in 'Windows Server Systems' started by Admiral Michael, Mar 1, 2006.

  1. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    IIS Directory Script1

    Hey,

    Does anyone know how, if possible, one can edit the look of the default directory listing script in IIS 6.0?
     
    Last edited: Mar 2, 2006
  2. madmatt

    madmatt Bow Down to the King Political User

    Messages:
    13,312
    Location:
    New York
    I don't understand what you want to do. Explain more please?
     
  3. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    I don't know how easy it is to change the look/feel of the built in IIS directory display. You could roll your own page with ASP to do a file listing - which might be better since then you wouldn't have to turn on directory browsing and just make the asp page your default page - it would also give you even more control to hide certain files if you wanted to.
     
    Admiral Michael likes this.
  4. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    THe directory listing capabilities in IIS, I want to change how it looks.
    I've done that for most of my site BUT I have a login downloads area that I don't want to have to place a index.asp file in each folder since there's like 50 or so folders.
     
  5. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    FTP? *shudder*

    In all seriousness, I dont' think there is a way to change it without totally hacking IIS.

    In theory, you could build an application that takes and passes the directory path as a variable and plugs it into an ASP page.. never tried it personally.
     
  6. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    ok looks like it can't really be done. Now for another question.

    I have a netowrk share called downloads which gives anyone on my LAN read only access (cept for me, I get write address). Now I just reliased that when I try to login to my downloads area on my site, I can enter anything and still get in.

    If I disable the guest account it fixes it BUT the LAN users loose access. I don't want to setup a user for each computer because if I have a, let's say, client's computer then I don't want to have to enter a login to access this share. I just want to stop the guest account from interecting with IIS or just allow only one the user "downloads" access tho this site area.

    Hope that explains it all.
     
  7. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    Post a screenshot of the permissions set for this share please :)
     
  8. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    Here's the permission page for the network share. Everyone only has Read checked.
     

    Attached Files:

  9. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    What is the setting for everyone?
     
  10. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    I edited the post, probably after you viewed the thread. It has Read checked.
     
  11. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    What is the authentication set to in IIS?

    EDIT: It may be working for you no matter what you type if it's taking your windows credentials (I forget the fancy word for that).

    EDIT2: I believe it is "Integrated Windows Authentication"
     
  12. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    Well that is what's it's set to. The only restrictions on the downloads is whether it's anonymous or not. The only area I can set individual permissions is through NTFS permissions, and if I restrict guest, well you know.
     
  13. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    Post your website here and I'll try to access it. The issue might not occur outside of your network.

    EDIT: My logic behind that is that my stored windows credentials don't mean a grain of salt when hitting your IIS server, but anything you do internally obviously does :lick:
     
  14. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    K, sent you a PM as I don't want other people to access it.
     
  15. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    Yeah test/test let me in. Muhahahahah :mad:

    What I would do in the mean time, is take that share down. Disable all access to it besides yourself. Make a test share in it's place, this way while you are fiddling with settings the content is safe ;)
     
  16. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    It's a virtual directory so I'll take it down for now.
     
  17. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
  18. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    well, couple things I would be checking..

    Is anonymous access turned on in IIS? Even if "integrated" is checked, IIS will always try to authenticate as anonymous first..
    Is this machine belong to an Active Directory domain?
    Are there domain and/or local policies that restrict the access of the BUILT-IN\Everyone group?
    Are there domain and/or local that restrict anonymous browsing and enumeration?
    Is there any NTFS permissions set?
    What happens when you specifically grant the IUSR_<computername> account access?

    We can start from there and dig deeper as we go
     
  19. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    Is anonymous access turned on in IIS? Even if "integrated" is checked, IIS will always try to authenticate as anonymous first..
    Anonymous access is disabled, it prompts for username password but since I have Everyone set to read, anything entered will allow access.

    Is this machine belong to an Active Directory domain?
    No.

    Are there domain and/or local policies that restrict the access of the BUILT-IN\Everyone group?
    Not that I know of.

    Are there domain and/or local that restrict anonymous browsing and enumeration?
    Not sure what you mean excatly.

    Is there any NTFS permissions set?
    Yep, will post when I get a chance.

    What happens when you specifically grant the IUSR_<computername> account access?
    Well, Im not sure what that will do as the user account I want to use is Downloads.
     
    Last edited: Mar 2, 2006
  20. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    I was poking round the Security Policies and there is a rule for allowing specific anonymous shares but it didn't work, I think the Guest account is still needed.

    From this standpoint it looks like this can't be done, at least not without killing anonymous LAN access as well.

    One thing I don't like bout IIS is it's integration with Windows for users. I used to use KF Webserver and it did everything I wanted except ASP which is why I switched. KF had it's own separate database for users.


    KC: Thanks for the link but I didn't find too much thats related to this issue.