RE: Frontpage SE Modifying NTFS permissions

From: Harikumar H [MSFT] (harikumh_at_online.microsoft.com)
Date: 10/27/04 

Date: Wed, 27 Oct 2004 13:25:17 GMT

Hi Badri,

I understand your problem. The web site A, B and C are under the webs
folder. When you extend A and B, FPSE will add the Interactive and Network
folder to the parent folder that is the webs folder. If you want to block
Interactive and Network from the C directory, uncheck the inheritance from
the above folder.

Hope this helps

regards

Hari
MSFT

This posting is provided "as is" with no warranties and confers no rights
--------------------
| I guess I did not explain my problem right,
| C:\Webs\a
| C:\webs\b
| c:\webs\c
|
| Lets say we have www.exp1.com with Frontpage SE on A, www.exp2.com with
| Frontpage SE on B, and www.exp3.com with no frontpage extensions on C.
|
| The problem was that Fronpage would change permissions on C:\Webs\c,
which
| should not have to be changed.
|
| Badri
|
|
| "Harikumar H [MSFT]" wrote:
|
| > Hi Badri,
| >
| > This is an expected behaviour. The Interactive and Network group is
added
| > for the following reasons.
| >
| > when a Web site is set to allow anonymous users to browse the site
content,
| > and a user authenticates to perform some other tasks, such as modifying
a
| > file, they can no longer browse any sites on that server anonymously.
This
| > is problematic when the user goes to browse a different Web site on the
| > same virtual server. Because they have authenticated, they are no
longer
| > anonymous, and because their own credentials are not used by the new
Web
| > site, they may be blocked from browsing the new site.
| >
| > For example, your server, SERVER1, hosts both http://www.example.com (a
| > site that allows anonymous browsing) and http://www.example.com/subweb
(a
| > site that does not allow anonymous browsing) on the same virtual
server.
| > User1 is an author for www.example.com/subweb. Previously, when User1
| > accessed a file from the file system to make a change in
| > www.example.com/subweb, and then browsed to www.example.com, the user
was
| > already authenticated. So, rather than browsing the site as an
anonymous
| > user, the user's credentials were checked and the user saw an access
denied
| > error.
| >
| > To get around this issue, the FrontPage Server Extensions used the
| > NETWORK/INTERACTIVE access control entries (ACE) to allow users with
user
| > accounts to browse content, even after they have authenticated.
However,
| > these general groups may allow more permissive behavior than is
desired.
| >
| > If you are using a Windows 2003 server, then you can disable adding of
| > Interactive and Network groups to the ACL's of the content area
| >
| > More Information
| >
| > Authenticating users separately for each virtual server
| >
http://www.microsoft.com/resources/documentation/sts/2001/all/proddocs/en-us
| > /admindoc/owsj03.mspx
| >
| > Hope this helps
| >
| >
| > regards
| >
| > Hari
| > MSFT
| >
| > This posting is provided "as is" with no warranties and confers no
rights
| > --------------------
| > | Hi,
| > |
| > | I know Frontpage Extensions keeps track of permissions, and as of
2002
| > does
| > | not allow admins to keep track of permissions. However my problem is
| > that
| > | Frontpage automatically modifes permissions for Website root folders,
| > that do
| > | not have fonrpage enabled.
| > |
| > | For instance we have
| > | C:\Webs (not a web root)
| > | C:\Webs\FPa (webroot for site a)
| > | C:\Webs\FPb (webroot for site b)
| > | C:\Webs\c (webroot for site c, no FP SE enabled)
| > |
| > | the problem is that Fronpage extensions adds Interactive and Network
| > | permissions at the C:\Webs level, thus changing permissions for Site
C,
| > which
| > | should not need it. This is a major problem because of all the
restricted
| > | sites we have on site C, and Interactive and Netowrk give read access
to
| > | everyone that has an account.
| > |
| > | Any help will be greatly appreciated.
| > |
| > | Thanks
| > | Badri
| > |
| >
| >
| >
|

Relevant Pages

  • Re: Hit Counter not Working
    ... You must publish from the exact same folder that is on the web site ... Make a new folder ... This is a post for the server groups and forums. ... Sharepoint Admin to extend the site with FP extensions. ...
    (microsoft.public.frontpage.programming)
  • RE: Windows 2003 Server - Everyone Group
    ... this folder only accessable by the users in the "special" group. ... Configure User and Group Access on an Intranet in Windows Server ... NTFS files system permissions control ... group that you want to set permissions for, click Check Names to verify the ...
    (microsoft.public.win2000.networking)
  • Re: Office Docs wont Open? and BU Drive not Recognized?
    ... Create a new Folder: ... On the server share... ... SHARING tab | Permissions | Share Permissions | Group or User Names ... If I copy the document to the local Client, the document opens ...
    (microsoft.public.windows.server.sbs)
  • Re: An NT Security Gotcha that looks like a Jet Security issue
    ... >people remotely via Windows Terminal Server. ... >code when it was run by a user that didn't have full permissions on ... There's a top-level DATA folder, ... >ApplicantsDB and Quickbooks. ...
    (comp.databases.ms-access)
  • Re: Exchange Move Issues?
    ... I'm a bit confused on what permissions to assign for SBS, ... When you finish moving the databases, ... You can move the log files and database files to any folder that you want to ... Note Only assign permissions to the Server Operators group if the Exchange ...
    (microsoft.public.windows.server.sbs)
Loading