Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Err Msg: PROBLEM: Your Web Is Insecure Because the Server Extensions DLLs Are Installed on a FAT Drive



This article was previously published under Q231856



Symptoms

When you install the FrontPage Server Extensions on a drive that is formatted as a FAT partition, you are informed that the Web is insecure. When you run the Check and Fix reports, the following error message appears:
PROBLEM: Your web is insecure because the server extensions DLLs are installed on a FAT drive. We recommend that you convert the drive that the extensions are installed on to NTFS.
NOT CORRECTED



Cause

The FrontPage 2000 Server Extensions store the contents of the _vti_bin folder (traditionally stored in the content area) in the following path:
<Drive>:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\isapi
This folder is mapped into each site as a virtual directory. If this location is on a FAT partition, FrontPage considers it to be insecure, because you cannot set file-level permissions on a FAT partition. When the extensions are installed on NTFS, the ACLs are set so that Everyone has Read and Execute permissions on this folder and its contents. This blocks the possible security threat of someone uploading malicious code to the _vti_bin folder and executing it.
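
The check described above can be scripted. The following PowerShell audit is an added example, not part of the KB article: it reports the file system of the drive holding the isapi folder and lists any Allow ACE that grants write-type rights to a principal outside a trusted list. It assumes %CommonProgramFiles% resolves to <Drive>:\Program Files\Common Files and treats only Administrators and SYSTEM as trusted writers; the parameter names are hypothetical.

```powershell
# Added example, not from the KB article. Assumes %CommonProgramFiles% is
# <Drive>:\Program Files\Common Files, the parent of the path quoted in the article.
param(
    [string]$IsapiPath = (Join-Path $env:CommonProgramFiles 'Microsoft Shared\Web Server Extensions\40\isapi'),
    # Assumed trusted writers: BUILTIN\Administrators and NT AUTHORITY\SYSTEM (well-known SIDs).
    [string[]]$TrustedSid = @('S-1-5-32-544', 'S-1-5-18')
)

# Rights that let a principal add, replace or delete files, or change their permissions.
$writeBits = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Unmapped GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear in inherit-only ACEs.
$mask = [int]$writeBits -bor 0x40000000 -bor 0x10000000

$root = [System.IO.Path]::GetPathRoot($IsapiPath)
$fs   = (New-Object System.IO.DriveInfo $root).DriveFormat
if ($fs -ne 'NTFS') {
    Write-Warning "Drive $root is formatted as $fs, so file-level permissions cannot be set on it."
    return
}
if (-not (Test-Path -LiteralPath $IsapiPath)) {
    Write-Warning "Folder not found, nothing to audit. Path checked was $IsapiPath"
    return
}

# Walk the folder and its contents; request SIDs so localized account names do not matter.
$items = @(Get-Item -LiteralPath $IsapiPath) + @(Get-ChildItem -LiteralPath $IsapiPath -Recurse -Force)
$findings = foreach ($item in $items) {
    $rules = (Get-Acl -LiteralPath $item.FullName).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $TrustedSid -notcontains $ace.IdentityReference.Value -and
            ([int]$ace.FileSystemRights -band $mask)) {
            [pscustomobject]@{ Path = $item.FullName; Sid = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
        }
    }
}
if ($findings) { $findings | Format-Table -AutoSize } else { "No untrusted write access found under $IsapiPath" }
```

Other accounts or groups that are trusted on a given server can be passed through the TrustedSid parameter.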



Workaround

To secure an ISP environment, you should have only NTFS partitions and you should lock them down. The Program Files and WINNT directories should have only Read permissions. In some cases, they can have Execute permissions for Everyone and Write permissions only for Administrators/SYSTEM and other trusted accounts and groups. The only option is to convert the boot drive to NTFS in order to provide the tightest possible security.

In some instances, customers have inquired about installing the Server Extensions to a drive other than the system drive in order to get the Server Extensions DLL files onto an NTFS partition. The Server Extensions install only to the system drive; therefore, this is not an option. The overriding issue is that a computer with its system on a FAT partition is fundamentally not secure. The warning about the content or executables being on a FAT partition is designed to prevent a scenario where malicious scripts on the server could overwrite the FrontPage executables or even system binaries such as Kernel32.dll. If scripts are not enabled on the Web sites and options such as NoExecutableCgiUpload are turned on, then FrontPage is just as secure as the FAT-based system is in general. Moving the _vti_bin directory to an NTFS partition does not necessarily make the computer more secure.



Keywords: KB231856, kbprb


Article Info
Article ID : 231856
Revision : 2
Created on : 2/22/2007
Published on : 2/22/2007
Exists online : False