RE: Frontpage SE Modifying NTFS permissions
From: Harikumar H [MSFT] (harikumh_at_online.microsoft.com)
Date: 10/26/04
- Next message: Harikumar H [MSFT]: "Re: giving groups permissions"
- Previous message: KMcDermott: "FPSE v. SharePoint Server Extensions?"
- In reply to: Badriram Rajagopalan: "Frontpage SE Modifying NTFS permissions"
- Next in thread: Badriram Rajagopalan: "RE: Frontpage SE Modifying NTFS permissions"
- Reply: Badriram Rajagopalan: "RE: Frontpage SE Modifying NTFS permissions"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 26 Oct 2004 15:18:15 GMT
Hi Badri,
This is an expected behaviour. The Interactive and Network group is added
for the following reasons.
when a Web site is set to allow anonymous users to browse the site content,
and a user authenticates to perform some other tasks, such as modifying a
file, they can no longer browse any sites on that server anonymously. This
is problematic when the user goes to browse a different Web site on the
same virtual server. Because they have authenticated, they are no longer
anonymous, and because their own credentials are not used by the new Web
site, they may be blocked from browsing the new site.
For example, your server, SERVER1, hosts both http://www.example.com (a
site that allows anonymous browsing) and http://www.example.com/subweb (a
site that does not allow anonymous browsing) on the same virtual server.
User1 is an author for www.example.com/subweb. Previously, when User1
accessed a file from the file system to make a change in
www.example.com/subweb, and then browsed to www.example.com, the user was
already authenticated. So, rather than browsing the site as an anonymous
user, the user's credentials were checked and the user saw an access denied
error.
To get around this issue, the FrontPage Server Extensions used the
NETWORK/INTERACTIVE access control entries (ACE) to allow users with user
accounts to browse content, even after they have authenticated. However,
these general groups may allow more permissive behavior than is desired.
If you are using a Windows 2003 server, then you can disable adding of
Interactive and Network groups to the ACL's of the content area
More Information
Authenticating users separately for each virtual server
http://www.microsoft.com/resources/documentation/sts/2001/all/proddocs/en-us
/admindoc/owsj03.mspx
Hope this helps
regards
Hari
MSFT
This posting is provided "as is" with no warranties and confers no rights
--------------------
| Hi,
|
| I know Frontpage Extensions keeps track of permissions, and as of 2002
does
| not allow admins to keep track of permissions. However my problem is
that
| Frontpage automatically modifes permissions for Website root folders,
that do
| not have fonrpage enabled.
|
| For instance we have
| C:\Webs (not a web root)
| C:\Webs\FPa (webroot for site a)
| C:\Webs\FPb (webroot for site b)
| C:\Webs\c (webroot for site c, no FP SE enabled)
|
| the problem is that Fronpage extensions adds Interactive and Network
| permissions at the C:\Webs level, thus changing permissions for Site C,
which
| should not need it. This is a major problem because of all the restricted
| sites we have on site C, and Interactive and Netowrk give read access to
| everyone that has an account.
|
| Any help will be greatly appreciated.
|
| Thanks
| Badri
|
- Next message: Harikumar H [MSFT]: "Re: giving groups permissions"
- Previous message: KMcDermott: "FPSE v. SharePoint Server Extensions?"
- In reply to: Badriram Rajagopalan: "Frontpage SE Modifying NTFS permissions"
- Next in thread: Badriram Rajagopalan: "RE: Frontpage SE Modifying NTFS permissions"
- Reply: Badriram Rajagopalan: "RE: Frontpage SE Modifying NTFS permissions"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
|
