Warning Message -

[monte]

Hi
I got a warning message when i installed frontpage server extensions 2002( i had to install to create web applications using visual interdev with IIS 5.0)

The message is below

Please let me know what i have to do to protect my web application


"Warning:Your web is insecure because the server extensions DLLs are installed on a FAT drive. We recommend that you convert the drive that the extensions are installed on to NTFS"

Thanks

[JoshT]

The partition on the server's hard drive is formatted as FAT rather than NTFS - FAT is the DOS/Win9x file system that offers no security features - all files are readable and writable by all users (as those OSes don't really even use user accounts at all). NTFS is the NT/2000/XP file system where you can assign user rights by file and folder - IE, on a corporate network, normal users (who log in), cannot modify C:\Winnt or C:\Program Files - so you need an Administrator to log on to do things, etc, and the users can set permissions where only they can access their own files, especially if multiple people share a computer.

Now, for IIS, the web server runs ASP, etc, as a unpriveledged account with few rights, typically IUSR_MachineName. Thus on NTFS, you can only give that account read access to the web site files and no access anywhere else to lock things down. That way, if the web server is compromised (hacked), damage the attacker can do is minimized (hopefully), but with FAT, that security is missing, so the attacker would get full access to the FAT drive.

[JoshT]

Oh yeah - there is a command line "convert" utility that can convert a drive from FAT to NTFS.