Recently I was asked about the default permissions for IIS 7.0 and 7.5 so I start doing some digging and testing.
You might ask why is this important? Well if someone changes the permissions or a policy is applied to your server it will be extremely important to have a good idea of what has been changed. This is a good starting point.The information below is what I came up with so far.
IIS 7.0/IIS 7.5 Default Permissions
Currently there is no article outlining the default permissions for IIS 7.0 and 7.5 however I have put together the following guidelines for your reference.
New IIS Accounts :
· IIS_IUSRS (a new built-in group), as it replaces IIS_WPG and is already granted the minimum rights required to start up a worker process.
· IUSR built in account replaced the IUSR_Machine Name
· Both of these accounts are granted the minimum rights required to start up a worker process.
· Do not modify these accounts.
Understanding the Built-In User and Group Accounts in IIS 7.0
Policies and Security Settings:
I Installed SQL 2008, Windows 2008 R2, Webdav, SCCM 2007 SP2 and highlighted a few changes:
Local Users and Groups
Default Membership is listed below: