Correct security settings (‘write’ permissions) for windows 2003.

[frontend]

I have some questions about ‘write’ permissions for my windows 2003 server.

The webshop is functional.

Setting ‘write’ permissions can be done in two ways under windows 2003. I ask myself what is safe.

1. Using Internet information services IIS manager.
Rightclick a directory and change directory permissions to write.

I get a warning message!
—————————————-
WARNING — By setting both the Write and Execute permissions, you are potentially exposing this site to malicious attack. A destructive or intrusive program could be uploaded and then executed.

Or Do i need to disable this Execute permission for executables for this directory's.
Execute permission: can be set too:
-None
-Scripts only
-Scripts and Executables.

Currently is set to scripts only. Or should it be set to None or scripts only ?

2.
Setting permissions with windows explorer on the directory where i can change the permissions on the user: Internet Guest Account with write permissions for that directory.

My question is, what is the correct way to add these permission with windows 2003 in a safe way for these directorys. Should i use option 1 or 2 ?

6.While you have your FTP connected to your Web hosting server, make sure the following PrestaShop folders have ‘write’ permissions (also known as “CHMOD 777” – explanation of file permissions here) but do not apply these permissions recursively (to their subfolders): /config, /upload, /download, /tools/smarty/compile. Then make sure the following folders have ‘write’ permissions and apply these permissions recursively (to their subfolders): /img, /mails, /modules, /themes/prestashop/lang, /translations

Thanks for helping..

[mytheory.]

I would also like to know more about this... I set mine up with write permissions for administrators, creator, authorized users, and users. I did not give Internet Guest Users write access. I am not sure if I even need to give write permissions to "users"... during my initial install I had to give them permission or PS didn't get past the 2nd page, but when I disabled this recently everything seemed to still work fine.

I want to make sure these settings are correct, but not too loose in security.

To the above poster, I remember reading somewhere that you should NOT give write permissions to Internet Guest User, doing so gives more access freedom then giving "users" access... and I know giving "users" write access works for PS so you shouldn't get anymore flexible... I am trying to tighten security, if possible, by removing access to "users" and that is what my above question regards.

Thanks!