• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

IIS Directory Script

Admiral Michael

Michaelsoft Systems CEO
#1
IIS Directory Script1

Hey,

Does anyone know how, if possible, one can edit the look of the default directory listing script in IIS 6.0?
 
Last edited:

fitz

Woah.. I'm still here?
Staff member
Political User
#3
I don't know how easy it is to change the look/feel of the built in IIS directory display. You could roll your own page with ASP to do a file listing - which might be better since then you wouldn't have to turn on directory browsing and just make the asp page your default page - it would also give you even more control to hide certain files if you wanted to.
 

Admiral Michael

Michaelsoft Systems CEO
#4
madmatt said:
I don't understand what you want to do. Explain more please?
THe directory listing capabilities in IIS, I want to change how it looks.
fitz said:
I don't know how easy it is to change the look/feel of the built in IIS directory display. You could roll your own page with ASP to do a file listing - which might be better since then you wouldn't have to turn on directory browsing and just make the asp page your default page - it would also give you even more control to hide certain files if you wanted to.
I've done that for most of my site BUT I have a login downloads area that I don't want to have to place a index.asp file in each folder since there's like 50 or so folders.
 

fitz

Woah.. I'm still here?
Staff member
Political User
#5
Admiral Michael said:
THe directory listing capabilities in IIS, I want to change how it looks.


I've done that for most of my site BUT I have a login downloads area that I don't want to have to place a index.asp file in each folder since there's like 50 or so folders.
FTP? *shudder*

In all seriousness, I dont' think there is a way to change it without totally hacking IIS.

In theory, you could build an application that takes and passes the directory path as a variable and plugs it into an ASP page.. never tried it personally.
 

Admiral Michael

Michaelsoft Systems CEO
#6
ok looks like it can't really be done. Now for another question.

I have a netowrk share called downloads which gives anyone on my LAN read only access (cept for me, I get write address). Now I just reliased that when I try to login to my downloads area on my site, I can enter anything and still get in.

If I disable the guest account it fixes it BUT the LAN users loose access. I don't want to setup a user for each computer because if I have a, let's say, client's computer then I don't want to have to enter a login to access this share. I just want to stop the guest account from interecting with IIS or just allow only one the user "downloads" access tho this site area.

Hope that explains it all.
 

kcnychief

█▄█ ▀█▄ █
Political User
#11
What is the authentication set to in IIS?

EDIT: It may be working for you no matter what you type if it's taking your windows credentials (I forget the fancy word for that).

EDIT2: I believe it is "Integrated Windows Authentication"
 

Admiral Michael

Michaelsoft Systems CEO
#12
kcnychief said:
What is the authentication set to in IIS?

EDIT: It may be working for you no matter what you type if it's taking your windows credentials (I forget the fancy word for that).

EDIT2: I believe it is "Integrated Windows Authentication"
Well that is what's it's set to. The only restrictions on the downloads is whether it's anonymous or not. The only area I can set individual permissions is through NTFS permissions, and if I restrict guest, well you know.
 

kcnychief

█▄█ ▀█▄ █
Political User
#13
Post your website here and I'll try to access it. The issue might not occur outside of your network.

EDIT: My logic behind that is that my stored windows credentials don't mean a grain of salt when hitting your IIS server, but anything you do internally obviously does :lick:
 

kcnychief

█▄█ ▀█▄ █
Political User
#15
Yeah test/test let me in. Muhahahahah :mad:

What I would do in the mean time, is take that share down. Disable all access to it besides yourself. Make a test share in it's place, this way while you are fiddling with settings the content is safe ;)
 

Admiral Michael

Michaelsoft Systems CEO
#16
kcnychief said:
Yeah test/test let me in. Muhahahahah :mad:

What I would do in the mean time, is take that share down. Disable all access to it besides yourself. Make a test share in it's place, this way while you are fiddling with settings the content is safe ;)
It's a virtual directory so I'll take it down for now.
 

fitz

Woah.. I'm still here?
Staff member
Political User
#18
well, couple things I would be checking..

Is anonymous access turned on in IIS? Even if "integrated" is checked, IIS will always try to authenticate as anonymous first..
Is this machine belong to an Active Directory domain?
Are there domain and/or local policies that restrict the access of the BUILT-IN\Everyone group?
Are there domain and/or local that restrict anonymous browsing and enumeration?
Is there any NTFS permissions set?
What happens when you specifically grant the IUSR_<computername> account access?

We can start from there and dig deeper as we go
 

Admiral Michael

Michaelsoft Systems CEO
#19
Is anonymous access turned on in IIS? Even if "integrated" is checked, IIS will always try to authenticate as anonymous first..
Anonymous access is disabled, it prompts for username password but since I have Everyone set to read, anything entered will allow access.

Is this machine belong to an Active Directory domain?
No.

Are there domain and/or local policies that restrict the access of the BUILT-IN\Everyone group?
Not that I know of.

Are there domain and/or local that restrict anonymous browsing and enumeration?
Not sure what you mean excatly.

Is there any NTFS permissions set?
Yep, will post when I get a chance.

What happens when you specifically grant the IUSR_<computername> account access?
Well, Im not sure what that will do as the user account I want to use is Downloads.
 
Last edited:

Admiral Michael

Michaelsoft Systems CEO
#20
I was poking round the Security Policies and there is a rule for allowing specific anonymous shares but it didn't work, I think the Guest account is still needed.

From this standpoint it looks like this can't be done, at least not without killing anonymous LAN access as well.

One thing I don't like bout IIS is it's integration with Windows for users. I used to use KF Webserver and it did everything I wanted except ASP which is why I switched. KF had it's own separate database for users.


KC: Thanks for the link but I didn't find too much thats related to this issue.
 

Members online

No members online now.

Latest posts

Latest profile posts

Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,961
Messages
673,239
Members
89,014
Latest member
sanoravies