RE: Frontpage SE Modifying NTFS permissions

From: Badriram Rajagopalan (BadriramRajagopalan_at_discussions.microsoft.com)
Date: 10/26/04

• Next message: Mark Fitzpatrick: "Re: FPSE v. SharePoint Server Extensions?"
• Previous message: Harikumar H [MSFT]: "Re: giving groups permissions"
• In reply to: Harikumar H [MSFT]: "RE: Frontpage SE Modifying NTFS permissions"
• Next in thread: Harikumar H [MSFT]: "RE: Frontpage SE Modifying NTFS permissions"
• Reply: Harikumar H [MSFT]: "RE: Frontpage SE Modifying NTFS permissions"
• Messages sorted by: [ date ] [ thread ]

---

Date: Tue, 26 Oct 2004 09:39:03 -0700

I guess I did not explain my problem right,
C:\Webs\a
C:\webs\b
c:\webs\c

Lets say we have www.exp1.com with Frontpage SE on A, www.exp2.com with
Frontpage SE on B, and www.exp3.com with no frontpage extensions on C.

The problem was that Fronpage would change permissions on C:\Webs\c, which
should not have to be changed.

Badri

"Harikumar H [MSFT]" wrote:

> Hi Badri,
>
> This is an expected behaviour. The Interactive and Network group is added
> for the following reasons.
>
> when a Web site is set to allow anonymous users to browse the site content,
> and a user authenticates to perform some other tasks, such as modifying a
> file, they can no longer browse any sites on that server anonymously. This
> is problematic when the user goes to browse a different Web site on the
> same virtual server. Because they have authenticated, they are no longer
> anonymous, and because their own credentials are not used by the new Web
> site, they may be blocked from browsing the new site.
>
> For example, your server, SERVER1, hosts both http://www.example.com (a
> site that allows anonymous browsing) and http://www.example.com/subweb (a
> site that does not allow anonymous browsing) on the same virtual server.
> User1 is an author for www.example.com/subweb. Previously, when User1
> accessed a file from the file system to make a change in
> www.example.com/subweb, and then browsed to www.example.com, the user was
> already authenticated. So, rather than browsing the site as an anonymous
> user, the user's credentials were checked and the user saw an access denied
> error.
>
> To get around this issue, the FrontPage Server Extensions used the
> NETWORK/INTERACTIVE access control entries (ACE) to allow users with user
> accounts to browse content, even after they have authenticated. However,
> these general groups may allow more permissive behavior than is desired.
>
> If you are using a Windows 2003 server, then you can disable adding of
> Interactive and Network groups to the ACL's of the content area
>
> More Information
>
> Authenticating users separately for each virtual server
> http://www.microsoft.com/resources/documentation/sts/2001/all/proddocs/en-us
> /admindoc/owsj03.mspx
>
> Hope this helps
>
>
> regards
>
> Hari
> MSFT
>
> This posting is provided "as is" with no warranties and confers no rights
> --------------------
> | Hi,
> |
> | I know Frontpage Extensions keeps track of permissions, and as of 2002
> does
> | not allow admins to keep track of permissions. However my problem is
> that
> | Frontpage automatically modifes permissions for Website root folders,
> that do
> | not have fonrpage enabled.
> |
> | For instance we have
> | C:\Webs (not a web root)
> | C:\Webs\FPa (webroot for site a)
> | C:\Webs\FPb (webroot for site b)
> | C:\Webs\c (webroot for site c, no FP SE enabled)
> |
> | the problem is that Fronpage extensions adds Interactive and Network
> | permissions at the C:\Webs level, thus changing permissions for Site C,
> which
> | should not need it. This is a major problem because of all the restricted
> | sites we have on site C, and Interactive and Netowrk give read access to
> | everyone that has an account.
> |
> | Any help will be greatly appreciated.
> |
> | Thanks
> | Badri
> |
>
>
>

---

• Next message: Mark Fitzpatrick: "Re: FPSE v. SharePoint Server Extensions?"
• Previous message: Harikumar H [MSFT]: "Re: giving groups permissions"
• In reply to: Harikumar H [MSFT]: "RE: Frontpage SE Modifying NTFS permissions"
• Next in thread: Harikumar H [MSFT]: "RE: Frontpage SE Modifying NTFS permissions"
• Reply: Harikumar H [MSFT]: "RE: Frontpage SE Modifying NTFS permissions"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages FPSE2002 Shared Hosting Flaw Workaround ... I have begun a workaround for the FrontPage 2002 Extensions use of the ... Interactive and Network permissions for those attempting Secure Shared ... When creating FrontPage users this configuration assumes they only belong to ... Add the Group 'Users' and give them 'Traverse Folder' on 'This folder only' ... (microsoft.public.inetserver.iis.security) Re: Interactive USER ... by connecting with frontpage and disabling anonymous browsing from there. ... Interactive and Network permissions for those attempting Secure Shared ... SharePoint Admin Web Instance and App Pool. ... Add the Group 'Users' and give them 'Traverse Folder' on 'This folder only' ... (microsoft.public.inetserver.iis.security) re: Need info on IIS manager and autoriting / permisions for FP ( MVP please rea ... You should always manage FrontPage permissions through ... FrontPage, and not through IIS Manager or Windows ... installed on the virtual server you're trying to use. ... (microsoft.public.frontpage.client) BUG: XP SP2/FrontPage XP ... A fresh install of XP SP2 and associated updates, ... install of IIS 5.1 on XP Pro. ... Using FrontPage to access a website locally set up ... Use unique permissions for this web. ... (microsoft.public.frontpage.programming) BUG: XP SP2/FrontPage XP ... A fresh install of XP SP2 and associated updates, ... install of IIS 5.1 on XP Pro. ... Using FrontPage to access a website locally set up ... Use unique permissions for this web. ... (microsoft.public.inetserver.iis)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)