Re: Security hole?

From: david mckenzie (DavidMcKenzie_at_bonbon.net)
Date: 07/18/04


Date: Sun, 18 Jul 2004 08:28:08 -0500

I generally tell folks that content may be made "personal, but not private".
This fits in with our policy on email, etc...
Those in highly regulated environments might want to consider other options.
Which raises another question I will post separately.

"Mike Walsh" <englantilainen@hotmail.com> wrote in message
news:OPkm8K9aEHA.2892@TK2MSFTNGP10.phx.gbl...
> No you are not missing anything.
>
> It is standard for Administrators to see everything in a restricted access
> document library. In fact designers (whatever the second level of standard
> authorization is) can see everything too. You will notice that only Readers
> and Contributors are listed specifically when you amend the access rights to
> a Doc Lib - thus only they can be removed. The two default roles above that
> still can access.
>
> Mike Walsh, Helsinki, Finland
> WSS FAQ at wss.collutions.com
> Please post questions to the newsgroup only.
>
>
> "Vad Adler" <VadAdler@discussions.microsoft.com> wrote in message
> news:DE9E4AAC-32EE-4DBB-BFA9-F8BA6D0DCB36@microsoft.com...
> > Hello,
> >
> > I have created a subweb (document workspace) with unique permissions to be
> > able to manage users separately from the parent Web site. When a user is not
> > added to the site he does not even see this workspace in the list of all
> > configured sites and workspaces. However, if this particular user belongs
> > to Administrators user group on the machine which runs WSS the site becomes
> > visible to him and he has full control over the site. This fact does not
> > seem right to me. Any ideas?
> >
> > I have dropped BUILTIN\Administrators login from the instance of MSDE. I
> > also removed that login from sysadmin server role.
> >
> > Am I missing anything?
> >
> > Thanks,
> > vad...
> >
>
>


