SharePoint Security

---

• From: "Herbert" <Herbert@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Tue, 12 Apr 2005 12:32:28 -0700

---

I don't know if this has been covered here before, I've tried to search but
no luck.

I notice that a non-admin user can access
http://Sitename/_layouts/1033/settings.aspx page. Normal user cannot
access the links on that page, and will get prompted for username/password,
however, they can try as many times as possible. easy target for just a
brutal force attack. Why did MS implement this? Is there a way to block
non-admin users from seeing settings.aspx at all (ie. they won't even get
prompt for password and just display a 401)

I'm planning on putting WSS as an internet site, it's not a very good idea
to let others see your site setting page.

Thanks a lot.
.

---

• Follow-Ups:
  • Re: SharePoint Security
    • From: Bill English [MVP]
  • Re: SharePoint Security
    • From: Steven Collier [MVP]

• Prev by Date: Re: Cannot search
• Next by Date: Urgent: Sharepoint / Active directory services / configuring
• Previous by thread: LCS & Members Webpart
• Next by thread: Re: SharePoint Security
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: SharePoint Security ... I think windows would still lock out the password after the given number of ... > I notice that a non-admin user can access ... > prompt for password and just display a 401) ... (microsoft.public.sharepoint.portalserver) Re: Normal.dot wants to save ... Logged on as non-Admin user, shutting down Word, it says it can't save ... Normal.dot yaditty yaddity blah. ... Options allow you to turn on/off prompt to save Normal.dot, ... (microsoft.public.word.docmanagement)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > SharePoint  > microsoft.public.sharepoint.portalserver  > 2005-04