Re: Indexing Service in an Intranet

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Hilary Cotter (hilary.cotter_at_gmail.com)
Date: 12/03/04

  • Next message: Hilary Cotter: "Re: How to determine version" 
    Date: Fri, 3 Dec 2004 15:48:51 -0500

    That is not my understanding of how this works.

    If you query from a web page it depends on your authentication mechanism.
    Anonymous authentication will only allow you to see search results which the
    IUSER_MachineName or the Everyone Account has rights to see. Querying using
    basic or Windows authentication will allow you to see search results which
    your account has rights to see. This applies to virtual directories and
    physical folders (non web roots).

    If you query from a non web application it depends on your NT account as
    Windows authentication predominates. This applies if you are searching
    physical or virtual roots.

    If your local IS server is indexing remote shares, you can see search
    results for documents that the crawl account has rights to see on the
    shares.

    Some users have posted that you can query remote IS catalogs and security is
    bypassed.

    HTH 

    -- 
Hilary Cotter
Looking for a SQL Server replication book?
Now available for purchase at:
http://www.nwsu.com/0974973602.html
"Jeff Cochran" <jeff.nospam@zina.com> wrote in message 
news:41b066f8.422010839@msnews.microsoft.com...
> I'm just trying to clarify something that I think has been annoying me
> on our intranet searches.  This is on Server 2003.
>
> If I use a virtual folder in IIS and index the resource, I get VPaths,
> where if I just add a folder in indexing services I don't.  But if I
> use the folder in indexing services, without returning the VPath, I
> can maintain the ACL's on the indexed files/folders, and return only
> those files accessible to the authenticated user, correct?
>
> Whereas with a virtual folder I return files accessible to the system
> account, which may result in VPath links to files that a user normally
> has no permissions to, correct?
>
> Thanks for any help clarifying this or confirming what it looks like
> I've found in testing.
>
> Jeff
  • Next message: Hilary Cotter: "Re: How to determine version"

    Relevant Pages

    • Re: File System Object Lockdown...possible?
      ... This leads to apparently both IUSR and IWAM ... authentication enabled, then only IUSR), process identity (Network Service ... also verified that his site does use the IUSR account to run as annonymous. ... > If a developer is able to create a file in a folder outside his website, ...
      (microsoft.public.inetserver.iis.security)
    • Re: LDAP Authentication from Linux
      ... As of Windows Server 2003 SP1, you must be a member of Authenticated Users to query Active Directory. ... So a limited account on the domain should have enough privileges to query it via LDAP if its properly bound. ... I'm trying to implement a secure authentication from an apache2 server across to my SBS2003 server. ...
      (microsoft.public.windows.server.sbs)
    • Digest access to UNC share
      ... I am trying to set up webDAV folders using digest authentication. ... trying to access a folder on another machine through a UNC name, ... even if the authenticating account is a domain ...
      (microsoft.public.inetserver.iis.security)
    • Re: IIS authentication
      ... > authentication' ONLY. ... I have SSL required for this folder. ... > 1) can a user whose account is DISABLED view this page? ... Tom Kaminski IIS MVP ...
      (microsoft.public.inetserver.iis)
    • Re: IIS authentication
      ... > authentication' ONLY. ... I have SSL required for this folder. ... > 1) can a user whose account is DISABLED view this page? ... Tom Kaminski IIS MVP ...
      (microsoft.public.inetserver.iis.security)