04/01/2020 11 minutes to read

*

r

*

c

*

A

In this article

This article describes the default permissions and user rights that are set on certain folders and files. These folders and files are installed with thienmaonline.vn Internet Information Services (IIS) 7.0 and later.

Bạn đang xem: Inetpub là gì

Original product version:   Internet Information Services 8.0
Original KB number:   981949

Changes in permissions between IIS 6.0 and IIS 7.0/7.5/8.0/8.5

In IIS 6.0, a local account (IUSR_MachineName) is created when IIS is installed. The IUSR_MachineName account is the default identity that is used by IIS when Anonymous authentication is enabled. Anonymous authentication is used by both the File Transfer Protocol (FTP) service and the HyperText Transfer Protocol (HTTP) service. IIS 6.0 also contains a group that is named IIS_WPG. The IIS_WPG group is used as a container for all Application Pool Identities.

In IIS 7.0 and later, a built-in account (IUSR) replaces the IUSR_MachineName account. Additionally, a group that is named IIS_IUSRS replaces the IIS_WPG group. Because the IUSR account is a built-in account, the IUSR account no longer requires a password. The IUSR account resembles a network or local service account. The IUSR_MachineName account is created and used only when the FTP 6 server that is included on the Windows Server 2008 DVD is installed. If the FTP 6 server isn”t installed, the account isn”t created.

Beginning in IIS 7.5, a new security feature is added that is called Application Pool Identities. This feature lets you run Application Pools under a unique account without having to create and manage domain or local accounts. The name of the Application Pool account corresponds to the name of the Application Pool.

Xem thêm: Người Phụ Thuộc Là Gì – Điều Kiện Giảm Trừ Gia Cảnh Cho Người Phụ Thuộc

For more information about IIS 7.0 accounts and groups, visit Understanding built-in user and group accounts in IIS 7.

For more information about Application Pool Identities, visit Application Pool Identities.

Xem thêm: Jitter Là Gì – Nghĩa Của Từ Jitter

Default NTFS file system permissions

The tables in this section list the default New Technology File System (NTFS) permissions that are assigned to certain folders and files. These folders and files are installed together with IIS 7.0, IIS 7.5, IIS 8.0, and IIS 8.5.

inetpub

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subfolders and files only. SYSTEM Full control Administrators Full control Users Read & execute
List folder contents
Read TrustedInstaller Full control

inetpubAdminScripts

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subfolders and files only. SYSTEM Full control Administrators Full control Users Read & execute
List folder contents
Read
TrustedInstaller Full control inetpubAdminScripts409 Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subfolders and files only.
Inherited from inetpubAdminScripts. SYSTEM Full control Inherited from inetpubAdminScripts. Administrators Full control Inherited from inetpubAdminScripts. Users Read & execute
List folder contents
Read Inherited from inetpubAdminScripts. TrustedInstaller Full control Inherited from inetpubAdminScripts.

inetpubcusterr

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to Subfolders and files only.
Inherited from inetpub. SYSTEM Full control
Special permissions Full control is inherited from inetpub.
Special Permissions are equivalent to Full control.
Applies to this folder only. Administrators Full control
Special permissions Full control is inherited from inetpub.
Equivalent to Full control.
Applies to this folder only. Users Read & execute
List folder contents
Read
Special permissions Permissions are inherited from inetpub except for special permissions.
Special permissions apply to this folder only, and include the following: Traverse folder / execute fileList folder / read data Read attributesRead extended attributesRead permissions TrustedInstaller Full control Inherited from inetpub.

inetpubcusterren-us

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subfolders and files only.
Inherited from inetpub. SYSTEM Full control Inherited from inetpub. Administrators Full control Inherited from inetpub. Users Read & execute
List folder contents
Read Inherited from inetpub. TrustedInstaller Full control Inherited from inetpub.

inetpubftproot

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subfolders and files only.
Inherited from inetpub. SYSTEM Full control Inherited from inetpub. Administrators Full control Inherited from inetpub. Users Read & execute
List folder contents
Read Inherited from inetpub. TrustedInstaller Full control Inherited from inetpub.

inetpubhistory and subfolders

Users / groups Allowed permissions Comments SYSTEM Full control Administrators Full control

inetpublogs

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subfolders and files only.
Inherited from inetpub. SYSTEM Full control Inherited from inetpub. Administrators Full control Inherited from inetpub. Users Read & execute
List folder contents
Read Inherited from inetpub. WMSvc List folder contents TrustedInstaller Full control Inherited from inetpub.

inetpublogsFailedReqLogFiles

Users / groups Allowed permissions Comments IIS_USRS Special permissions Special permissions include the following: List folder / read dataCreate files / write dataCreate folders / append dataWrite attributesWrite extended attributesDelete subfolders and filesDelete SYSTEM Full control Administrators Full control

inetpublogswmsvc

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subfolders and files only.
Inherited from inetpub. SYSTEM Full control Inherited from inetpub. Administrators Full control Inherited from inetpub. Users Read & execute
List folder contents
Read Inherited from inetpub. WMSvc Modify
Read & execute
List folder contents
Read
Write List folder contents permission is inherited from inetpublogs. TrustedInstaller Full control Inherited from inetpub.

inetpubtemp

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subfolders and files only.
Inherited from inetpub. SYSTEM Full control Inherited from inetpub. Administrators Full control Inherited from inetpub. Users Read & execute
List folder contents
Read Inherited from inetpub. TrustedInstaller Full control Inherited from inetpub.

inetpubtempappPools

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subfolders and files only. SYSTEM Full control Administrators Full control IIS_USRS Read & execute Inherited from inetpub.

inetpubtempASP Compiled Templates

Users / groups Allowed permissions Comments By default, no permissions are assigned to this folder.

inetpubtempIIS Temporary Compressed Files

Users / groups Allowed permissions Comments SYSTEM Full control Administrators Full control IIS_USRS Full control

inetpubwwwroot

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subfolders and files only.
Inherited from inetpub. SYSTEM Full control Inherited from inetpub. Administrators Full control Inherited from inetpub. Users Read & execute
List folder contents
Read Inherited from inetpub. IIS_USRS Read & execute TrustedInstaller Full control Inherited from inetpub.

inetpubwwwrootaspnet_client

Users / groups Allowed permissions Comments Everyone Read SYSTEM Full control Administrators Full control Users Read & execute
List folder contents
Read

%windir%system32inetsrv

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subfolders and files only. SYSTEM Special permissions Special permissions allowed for the SYSTEM account for this folder only include the following: Traverse folder / execute fileList folder / read dataRead attributesRead extended attributesCreate file / write dataCreate folders / append dataWrite attributes Write extended attributes Delete Read permissions
Special permission allowed for SYSTEM for subfolders and files only is equivalent to Full control. Administrators Special permissions Special permissions allowed for the Administrators group for this folder only include the following: Traverse folder / execute file List folder / read data Read attributes Read extended attributes Create file / write data Create folders / append data Write attributes Write extended attributes Delete Read permissions
Special permission allowed for the Administrators group for subfolders and files only is equivalent to Full control. Users Read & execute
List folder contents
Read TrustedInstaller Special permissions Permissions are equivalent to Full control, and apply to this folder and subfolders.

%windir%System32inetsrv409

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subfolders and files only.
Inherited from %windir%System32inetsrv. SYSTEM Full control Inherited from %windir%System32inetsrv. Administrators Full control Inherited from %windir%System32inetsrv Users Read & execute
List folder contents
Read Inherited from %windir%System32inetsrv TrustedInstaller Special permissions Equivalent to Full control.
Applies to subfolders and files only.
Inherited from %windir%System32inetsrv

%windir%System32inetsrvconfig

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subfolders and files only. SYSTEM Full control Administrators Full control Users Read & execute
List folder contents
Read TrustedInstaller Full control WMSvc Read

%windir%System32inetsrvconfigExport

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subfolders and files only. SYSTEM Full control Administrators Full control TrustedInstaller Full control

%windir%System32inetsrvconfigschema

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subfolders and files only. SYSTEM Special permissions Special permissions allowed for the SYSTEM account for this folder only include the following: Traverse folder / execute file List folder / read data Read attributes Read extended attributes Create file / write data Create folders / append data Write attributes Write extended attributes Delete Read permissions
Special permission allowed for SYSTEM for subfolders and files only is equivalent to Full control. Administrators Special permissions Special permissions allowed for the Administrators group for this folder only include the following: Traverse folder / execute fileList folder / read dataRead attributesRead extended attributesCreate file / write dataCreate folders / append dataWrite attributesWrite extended attributesDeleteRead permissions
Special permission allowed for the Administrators group for subfolders and files only is equivalent to Full control. Users Read & execute
List folder contents
Read TrustedInstaller Special permissions Equivalent to Full control.
Applies to this folder and subfolders.

%windir%System32inetsrven-us

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subfolders and files only. SYSTEM Special permissions Special permissions allowed for the SYSTEM account for this folder only include the following: Traverse folder / execute file List folder / read data Read attributes Read extended attributes Create file / write data Create folders / append data Write attributes Write extended attributes Delete Read permissions
Special permission allowed for SYSTEM for subfolders and files only is equivalent to Full control. Administrators Special permissions Special permissions allowed for the Administrators group for this folder only include the following: Traverse folder / execute file List folder / read data Read attributesRead extended attributesCreate file / write dataCreate folders / append dataWrite attributesWrite extended attributesDeleteRead permissions
Special permission allowed for the Administrators group for subfolders and files only is equivalent to Full control. Users Read & execute
List folder contents
Read TrustedInstaller List folder contents
Special permissions Equivalent to Full control.
Applies to this folder and subfolders.

%windir%System32inetsrvHistory

Users / groups Allowed permissions Comments Administrators Full control SYSTEM Full control %windir%System32inetsrvMetaBack Users / groups Allowed permissions Comments Administrators Full control SYSTEM Full control

Default registry permissions

The tables in this section list the default registry permissions that are assigned when IIS 7.0, IIS 7.5, IIS 8.0, or IIS 8.5 is installed. When Read permissions are listed for users, the following permissions are included:

Query Value Enumerate Subkeys Notify Read Control

HKEY_LOCAL_MACHINESoftwarethienmaonline.vnInetmgr

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subkeys only. SYSTEM Full control Administrators Full control Users Read

HKEY_LOCAL_MACHINESoftwarethienmaonline.vnInetStp

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subkeys only. SYSTEM Full control Administrators Full control Users Read

HKEY_LOCAL_MACHINESoftwarethienmaonline.vnW3SVC

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subkeys only. SYSTEM Full control Administrators Full control Users Read

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesASP

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subkeys only. SYSTEM Full control Administrators Full control Users Read

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesASP.NET

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subkeys only. SYSTEM Full control Administrators Full control Users Read

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesASP.NET_2.0.50727

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subkeys only. SYSTEM Full control Administrators Full control Users Read

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesaspnet_state

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subkeys only. SYSTEM Full control Administrators Full control Users Read

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesHTTP

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subkeys only. SYSTEM Full control Administrators Full control Users Read

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesIISAdmin

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subkeys only. SYSTEM Full control Administrators Full control Users Read

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesW3SVC

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subkeys only. SYSTEM Full control Administrators Full control Users Read

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesWAS

Users / groups Allowed permissions Comments CREATOR OWNER Special permissions Equivalent to Full control.
Applies to subkeys only. SYSTEM Full control Administrators Full control Users Read

Chuyên mục: Hỏi Đáp