Cacti (home)ForumsDocumentation

Differences

This shows you the differences between two versions of the page.

manual:088:1_installation.2_install_windows.2_configure_webserver [2014/10/21 19:55]
BSOD2600
manual:088:1_installation.2_install_windows.2_configure_webserver [2019/10/29 15:16] (current)
Line 6: Line 6:
   * [[http://technet.microsoft.com/en-us/library/aa998483%28v=exchg.65%29.aspx|How to Install IIS 6 on Windows Server 2003]]   * [[http://technet.microsoft.com/en-us/library/aa998483%28v=exchg.65%29.aspx|How to Install IIS 6 on Windows Server 2003]]
   * [[http://www.iis.net/learn/install/installing-iis-7/installing-iis-7-and-above-on-windows-server-2008-or-windows-server-2008-r2|How to Install IIS 7.0/7.5 on Windows Server 2008 / R2]]   * [[http://www.iis.net/learn/install/installing-iis-7/installing-iis-7-and-above-on-windows-server-2008-or-windows-server-2008-r2|How to Install IIS 7.0/7.5 on Windows Server 2008 / R2]]
-  * [[http://www.iis.net/learn/install/installing-iis-85/installing-iis-85-on-windows-server-2012-r2]|How to Install IIS 8.0/8.5 on Windows Server 2012 R2]]+  * [[http://www.iis.net/learn/install/installing-iis-85/installing-iis-85-on-windows-server-2012-r2|How to Install IIS 8.0/8.5 on Windows Server 2012 R2]]
      
 == Configure == == Configure ==
Line 15: Line 15:
 After following the above guides: After following the above guides:
  
-<note>IIS6 has the IIS_WPG user account. IIS7 it's called IIS_USRS</note>+<note>IIS6 has the IIS_WPG user account. IIS7 it's called IIS_IUSRS</note>
  
   - Give the COMPUTERNAME\IUSR_ and COMPUTERNAME\IIS_WPG users Read & Execute permissions to the file  C:\Windows\system32\cmd.exe.   Yes, this can be a large security hole, but it's required so RRDTool can be launched for graphing by the anonymous web account.  For slightly improved security, one can specify a separate custom //User account// which would be used for the /wwwroot/Cacti/ site.  Then, instead of using IUSR_ everywhere throughout this document, replace it with the custom User account.  This way, only a security hole in Cacti's code could exploit cmd.exe and not all sites on the IIS server.   - Give the COMPUTERNAME\IUSR_ and COMPUTERNAME\IIS_WPG users Read & Execute permissions to the file  C:\Windows\system32\cmd.exe.   Yes, this can be a large security hole, but it's required so RRDTool can be launched for graphing by the anonymous web account.  For slightly improved security, one can specify a separate custom //User account// which would be used for the /wwwroot/Cacti/ site.  Then, instead of using IUSR_ everywhere throughout this document, replace it with the custom User account.  This way, only a security hole in Cacti's code could exploit cmd.exe and not all sites on the IIS server.





Personal Tools