"Aaron Bertrand [SQL Server MVP]" wrote in message
news:u$******** ******@TK2MSFTN GP12.phx.gbl...
:> "Full" grants the ability to modify permissions for the object. It is one
: > step down from object owner.
:
: YES! Now can someone please enlighten me as to how a malicious user will
: (a) know that you granted IUSR_ this extra permission, and (b) how they
will
: take advantage of it.
Well, then just give the anonymous user Full Rights to your entire web root
them. How will they know you granted the extra permission? After all, READ
rights are inclusive to Full Rights. Define "they". They the net user,
they the local user...?
: FWIW, I typically grant Full Control because I'm a lazy ignoramus. After
: all, it's checking one box as opposed to three.
I'm sorry to hear that. I may have to remove your pedestal. (O:=
--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center -
http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation -
http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library -
http://msdn.microsoft.com/library/default.asp