First, the permissions you see within the file manager are all the permissions that we have access to as well, modifying anything beyond what the control panel shows would be automatically overwritten when the control panel service performs its next check of the server. We are unable to adjust the permissions for the system and Admin users, these users and their permissions are essential for the domain to continue working properly and for you to be able to use the plesk system as well as FTP. As for updating the FTP user, the FTP user always has read/write access and, the ASP user, as far as I am aware, is unable to be adjusted, and is configured as Microsoft says so. Second, in regards to the error you were receiving from the file manager: This error is received when attempting to set permissions in a folder that you are unable to modify, such as the 'httpdocs', 'cgi-bin' and other directories at the top level of your hosting. You may only modify the internals of these directories, and not the top levels. I did check and verify, only the Admin and System users have access to the httpdocs folder. The permissions here are locked down as tight as they can be without causing problems with the control panel and FTP. Lastly, I would like to note a security advisory that turned up in a simple google search for ASP.NET writing and XSS vulnerabilities. This is one of many vulnerabilities that can be found in regards to ASP and ASP.Net. ----- Microsoft ASP.NET Unicode Conversion Cross-Site Scripting Unpatched. Secunia Advisory 3 of 3 in 2005. 17,336 views. Release Date: 2005-02-18 Secunia Advisory ID: SA14214 Solution Status: Unpatched Criticality: Impact: Cross Site Scripting Where: From remote Short Description: ....has discovered a vulnerability in ASP.NET, which potentially can be exploited by malicious people to conduct cross-site scripting and script insertion attacks. ---- While the date here says 2005, this vulnerability remains unpatched. You can find more information about these here: http://secunia.com/advisories/search/?search=ASP.Net . And more information from google: http://www.google.com/search?q=ASP.NET+vulnerability . Again, this portion is beyond the scope of our support. If our server was compromised, we would certainly have more than one domain filing complaints.