Recently I was asked about the default permissions for IIS 7.0 and 7.5 so I start doing some digging and testing. 

You might ask why is this important? Well if someone changes the permissions or a policy is applied to your server it will be extremely important to have a good idea of what has been changed. This is a good starting point.The information below is what I came up with so far.

 

IIS 7.0/IIS 7.5 Default Permissions

Currently there is no article outlining the default permissions for IIS 7.0 and 7.5 however I have put together the following guidelines for your reference.

New IIS Accounts :

· IIS_IUSRS (a new built-in group), as it replaces IIS_WPG and is already granted the minimum rights required to start up a worker process.

· IUSR built in account replaced the  IUSR_Machine Name

· Both of these accounts are granted the minimum rights required to start up a worker process.

· Do not modify these accounts.

Understanding the Built-In User and Group Accounts in IIS 7.0

http://learn.iis.net/page.aspx/140/understanding-the-built-in-user-and-group-accounts-in-iis-70

Policies and Security Settings:

I Installed SQL 2008, Windows 2008 R2, Webdav, SCCM 2007 SP2 and highlighted a few changes:

Local Users and Groups

Default Membership is listed below:

“Users” Membership:

  • Administrator
  • Guests

“Group”  Membership:

clip_image001