Situation:
- Server running IIS5 under W2k Advanced.
- A friend asked me to set up a site for him where he can publish an asp-web.
- Currently I am the only one publishing ASP sites on this server (and my pages are running under a renamed "IUSR_machine" context).

Problem:
- His site needs to run under a different anon-account (IUSR_machine_alternate) than my sites so he won't be able to access files other than in his directory.
- I disabled paths so he won't be able to use parent paths.
- With the FileSystemObject he is still able to read files that are shared for the IIS user (i.e. some files in system32).

Question:
- Is there ANY way to completely deny access (with FileSystemObject) to these files?
- Which files need to be readable at minimum for this IIS user?
- A question regarding W2K in general: MS still sets the ACLs of several directories/files to give permissions to the "EVERYONE" user. Can anybody give a resource for what the MINIMUM permissions on all files needed to run the server are? (I am quite sure even my manually reduced permissions still lack security in a "hosted situation"; my server is only set up to be secured in a one-user-direct-access-only situation, but now I have someone on the server that is able to use components and has execute access (at least for scripts).)

There has to be a secure way (similar to workspaces in Unix), since there are web hosts that provide ASP hosting and they'd have a similar problem.

Maybe one of you could point me in the right direction?

P.S.: Access to the filesystem component is required, so I can't disable this ASP component.

Regards