You can control access to your Web server's directories and files by setting NTFS access permissions. You can use NTFS permissions to define the level of access that you want to grant to specific users and groups of users with valid Windows accounts. Proper configuration of file and directory permissions is crucial for preventing unauthorized access. For more information, see About Access Control or the Windows documentation.
When you share a directory or file, the default access settings for NTFS directories and files grant Full Control access to the Windows user group Everyone, which includes all users. This means that all users have permission to modify, move, and delete files or directories, and to change NTFS permissions. This default setting may not be appropriate for all directories and files.
Making your server secure involves removing unnecessary users and groups, or groups that are too general for your purposes. However, removing the Everyone group from the discretionary access control list (DACL) on your Web resources without further modification will cause even non-anonymous access to fail. If you want non-anonymous access to work correctly, you must have the following permissions plus any specific users or user groups:
Note If you do not see the Security tab in the drive, directory, or file property sheets, your server's file system is not configured as NTFS. To convert the file system to NTFS, see the Windows documentation.
To change NTFS permissions for a directory or file
Important Be careful when using Deny. Deny takes precedence over Allow. Applying Deny to the Everyone group might close the resource to that level of access by anyone, including the Administrator.
Note If there are conflicts between your NTFS and Web server permissions, the most restrictive settings will be used. This means that permissions that explicitly deny access always take precedence over those permissions that grant access.
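The following PowerShell script is an added example, not part of the original documentation. It reads (and does not change) the DACLs under a Web content directory and reports the two conditions described above: Allow entries that give Everyone write, delete, or permission-changing rights, and Deny entries on Everyone. The default path C:\inetpub\wwwroot is an assumption; pass your own content directory as $WebRoot.

```powershell
# Added example: report risky NTFS entries for the Everyone group under a Web content root.
# Assumption: the default $WebRoot below is a placeholder for your own content directory.
param(
    [string]$WebRoot = 'C:\inetpub\wwwroot'
)

# Resolve Everyone by its well-known SID (S-1-1-0) so the check also works on localized systems.
$everyone = New-Object System.Security.Principal.SecurityIdentifier(
    [System.Security.Principal.WellKnownSidType]::WorldSid, $null)

# Rights that let a user modify, delete, or re-permission content.
$r = [System.Security.AccessControl.FileSystemRights]
$riskyMask = [int]($r::Write -bor $r::Delete -bor $r::DeleteSubdirectoriesAndFiles -bor
                   $r::ChangePermissions -bor $r::TakeOwnership)

$items = @(Get-Item -LiteralPath $WebRoot) +
         @(Get-ChildItem -LiteralPath $WebRoot -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }

    # Ask for SIDs rather than names; include explicit and inherited entries.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.IdentityReference.Value -ne $everyone.Value) { continue }

        $finding = $null
        if ($ace.AccessControlType -eq 'Deny') {
            # Deny takes precedence over Allow and applies to every account, administrators included.
            $finding = 'Deny on Everyone'
        }
        elseif (([int]$ace.FileSystemRights -band $riskyMask) -ne 0) {
            $finding = 'Everyone can modify, delete, or change permissions'
        }
        if ($finding) {
            [pscustomobject]@{
                Path      = $item.FullName
                Type      = $ace.AccessControlType
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
                Finding   = $finding
            }
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Entries reported with Inherited set to True come from a parent directory, so the change belongs on the parent rather than on each file.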