Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Lock down a group to a folder

21 Nov 2010   #1

Windows 7 Pro x64
Lock down a group to a folder

Hi everyone,

I am trying to lock down a group to a single folder called "Media" in C:\inetpub\wwwroot So far I have created a group called "LockedDown", created a local user called "IIS_IUSR", removed user from "User" group and added user to "LockedDown" group. I gave LockedDown read and execute permissions in the inetpub folder but I want to explicitly deny the LockedDown group permissions everywhere else. I keep getting an error when trying to deny access to the system32 file and then does not apply the permissions.

Is the fact that I have removed the IIS_USER user from the "Users" group enough or is it better to explicitly deny access everywhere I do not want the user to go? If it is better to deny the access then what is best way to accomplish this or am I on the right track?

I appreciate everyone's time.


My System SpecsSystem Spec
21 Nov 2010   #2

Windows 7 Ultimate 64bit

I think that you will find that expicitly denying permissions is generally consider a bad practice in order to do so on any subcontainer you would need to break inheritance from it's parent folder being very careful to copy existing permission as they exist currently and then proceeding with the explicit denial. A critical folder like the system32 folder only compounds the danger and can result in disasterous effects so I would suggest that if you proceed you use extreme caution. (restore point and complete known good current system image.)
My System SpecsSystem Spec
21 Nov 2010   #3

Windows 7 Ultimate x64 SP1

What guide are you following on how to configure IIS?
My System SpecsSystem Spec

22 Nov 2010   #4

Windows 7 Pro x64

Well, actually, no guide. But, the idea was inspired by this guide: Lockdown by group using Local Computer Policy without Active Directory

That is why I figured I would come and ask all of you very helpful folks if I am doing the right thing. I know that after XP permissions had changed a bit. I know that IIS is installed and "works" because I can type my dyndns address and see my index of files. I just want to make sure that is all that everyone else can see/access.

With Patwhatsthat's information, I guess my approach is at least partially incorrect because I do not want to break inheritance from it's parent folder. That would be a nightmare or impossible to correct. So, is there an easier way to lock users into only accessing only one folder? I guess I am wanting to do the same thing that chroot does in Linux. I just thought this was the best way in Windows to get this accomplished.
My System SpecsSystem Spec
22 Nov 2010   #5

Windows 7 Ultimate x64 SP1

I highly recommend you start out by reading a guide or two about IIS before you go any further. How it works and how to protect directories will be part of any good guide. It's definitely not the same as setting up a webserver on a Linux box.
My System SpecsSystem Spec

 Lock down a group to a folder

Thread Tools

Similar help and support threads
Thread Forum
Users folder not visible in explorer,lock on admin's user folder icon?
A past virus must have caused this.The C:\Users folder is not visible in explorer for some reason.I can still visit the contents and the pc works fine,but this is not right.Also, there is a lock on my users/alexandros folder icon.Maybe it has something to do?
System Security
Num Lock, Caps Lock and Scroll Lock all lights up (not blinking)
For some time now, i have been experiencing that my Num Lock, Caps Lock and Scroll Lock all lights up (not blinking) all at the same time, I tried to google it but i can not find any solutions or explanations for it. Does anyone know if it is bad? and what is causing this? I am having a wired...
Hardware & Devices
Add a group in any folder.
Hi everybody ... I want to start a group in any folder, such as groups in the computer ... How do I create a group in any other folder ? :sarc:
General Discussion
Caps lock, num lock, scroll lock screen messages
Hi, how to disable Caps lock, num lock, scroll lock screen messages? I have desktop pc with two keyboards usb and bluetooth. Also TOSHIBA Bluetooth Stack software, but in device manager: keyboard > hid keyboard device both using microsoft drivers. And I dont have any software installed...
General Discussion
Folder lock?
Is there a way to lock a single folder in windows 7?
General Discussion
folder lock?
got free folder lock compatible to windows 7?

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 04:57.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App