Access Control

You can control which users and computers can access your Web server and its resources. There are two main types of access control: NTFS permissions, which are controlled by the operating system, and Web site permissions, which are controlled by IIS. To help secure your Web server, you should use a defense-in-depth strategy, combining proper authentication methods with tools such as firewalls and the appropriate NTFS permissions and Web site permissions. IIS built-in accounts and features, such as URL authorization, help you control access to resources on multiple levels, from entire Web and FTP sites to individual files or specific URLs.

How Access Control Works

Access control involves both user rights and permissions. User rights ...

Get Internet Information Services (IIS) 6 Resource Kit now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.