I know this isn't a DNN forum but I posted this question over on their site and it hasn't gotten a reply. (Only someone saying they need the answer too). I hope I am posting in the correct area.
In the Security section of my DNN website, the Audit Check for CheckDiskAccess shows "Hackers could access drives/folders outside the website. C:\mywebsite\ Read:Y, Write:Y, Create:Y, Delete:N
- C:\ - Read:Y, Write:Y, Create:Y, Delete:N".
I'm new to Windows Server and IIS. Where do I change permissions to keep DNN from being able to get outside the website?
I'm not an DNN framework user so I'm not sure whether this issue has something to do with IIS permission. IIS site use anonymous user (IUSR) to IO file or configuration file. And the web app execute process under application pool identity( IIS Apppool\sitename).
So please try to restrict permission for your application user and authenticate user.
If the reply is helpful, it is appreciated if you could mark it as answer.
Best Regards,
Jokies Ding
Yuk Ding
MSDN Community Support
Please remember to "Mark as Answer" the responses that resolved your issue.
2 Posts
Where To Fix An Alert
Dec 13, 2019 06:48 PM|Zyxian|LINK
Hello All.
I know this isn't a DNN forum but I posted this question over on their site and it hasn't gotten a reply. (Only someone saying they need the answer too). I hope I am posting in the correct area.
In the Security section of my DNN website, the Audit Check for CheckDiskAccess shows "Hackers could access drives/folders outside the website. C:\mywebsite\ Read:Y, Write:Y, Create:Y, Delete:N - C:\ - Read:Y, Write:Y, Create:Y, Delete:N".
I'm new to Windows Server and IIS. Where do I change permissions to keep DNN from being able to get outside the website?
Is it somewhere in IIS or is it in ASP?
Thank you for any help.
Zyxian
4016 Posts
Microsoft
Re: Where To Fix An Alert
Dec 16, 2019 09:57 AM|Yuk Ding|LINK
Hi Zyxian,
I'm not an DNN framework user so I'm not sure whether this issue has something to do with IIS permission. IIS site use anonymous user (IUSR) to IO file or configuration file. And the web app execute process under application pool identity( IIS Apppool\sitename). So please try to restrict permission for your application user and authenticate user.
If the reply is helpful, it is appreciated if you could mark it as answer.
Best Regards,
Jokies Ding
MSDN Community Support
Please remember to "Mark as Answer" the responses that resolved your issue.
2 Posts
Re: Where To Fix An Alert
Dec 16, 2019 04:55 PM|Zyxian|LINK
Thank you Jokies.
I will double check to make sure I didn't miss something in there.
Zyxian.