Re: Additional Restrictions - option

From: bimosekin (bimosekin@hotmail.com)
Date: 04/03/03


From: "bimosekin" <bimosekin@hotmail.com>
Date: Thu, 3 Apr 2003 09:08:47 -0800


Thanks, I will try this to really get the glimps of
filemon. However, I have located the problem. The user do
have appropriate permission to its FTP-directory, but do
not have any on the default-FTP directory. The funny
thing however is that both directory are independent of
each other.

Rgds.
>-----Original Message-----
>I'm sure when you do a 'CD' it will show
>the directory you are using by ftp.exe
>and the status is either success, denied or not found
>and etc.
>
>you should run filemon on the ftp server. then ftp
>locally or from remote server.
>
>
>--
>Regards,
>Bernard Cheah
>http://support.microsoft.com/
>
>
>"bimosekin" <bimosekin@hotmail.com> wrote in message
>news:06d601c2f861$de481fa0$a301280a@phx.gbl...
>> Thanks for the patience, however, filemon does not
report
>> anything about the logins and subsequet commands. It
>> only logs the "open" and "bye" command, anything in
>> between is notlogged.
>>
>> >-----Original Message-----
>> >IIS FTP only support anonymous and basic. No windows
>> integrated.
>> >The things I'm wondering is when you set the additional
>> anonymous
>> >settings, some user works while some are not. if it
>> works, meaning
>> >the 'some other users' have some permission and rights
>> issue.
>> >
>> >You should try the filemon utility, it will shows you
>> related
>> >access issues.
>> >
>> >
>> >
>> >--
>> >Regards,
>> >Bernard Cheah
>> >http://support.microsoft.com/
>> >
>> >
>> >"bimosekin" <bimosekin@hotmail.com> wrote in message
>> >news:03ef01c2f792$f0ae8410$a601280a@phx.gbl...
>> >> BB,
>> >>
>> >> Thanks. The "users" group already have the
permission
>> >> mentioned in the KB: "Log on Locally" and Access this
>> >> computer from the netwrok", and all the user_accounts
>> are
>> >> in this group. The FTP is configured for both
>> Anonymous
>> >> and Windows integrated.
>> >>
>> >> I have anyway decided to do away with the "Additional
>> >> Restrictions for Anonymous Connections" option. The
>> most
>> >> funny thing now is that the problem still persist,
>> which
>> >> was not the case before.
>> >>
>> >> I no longer Know what exactly is going on.
>> >>
>> >> bimoseekin
>> >>
>> >>
>> >> >-----Original Message-----
>> >> >Try
>> >> >http://support.microsoft.com/?id=200475
>> >> >
>> >> >if no luck, get filemon from sysinternals.com,
>> >> >run it, then try to access, look for 'access denied'
>> >> >entry, then granted related rights.
>> >> >
>> >> >
>> >> >--
>> >> >Regards,
>> >> >Bernard Cheah
>> >> >http://support.microsoft.com/
>> >> >
>> >> >
>> >> >"bimosekin" <bimosekin@hotmail.com> wrote in message
>> >> >news:029001c2f750$169b0e20$a101280a@phx.gbl...
>> >> >> Bernard,
>> >> >>
>> >> >> Yes, the error msgs is 530 "User cannot log in,
home
>> >> >> directory inaccessible. Login failed"
>> >> >>
>> >> >> This could not be the case since the user is in a
>> group
>> >> >> that has the same access and permissions, and
there
>> is
>> >> no
>> >> >> where anyone is denied access.
>> >> >>
>> >> >> What steps should I take to rectify this?
>> >> >>
>> >> >> Thanks,
>> >> >> bimosekin
>> >> >>
>> >> >> >-----Original Message-----
>> >> >> >What will be the error msgs ? 530 ?
>> >> >> >have you try using ftp.exe and login as
>> >> >> >that user at that workstation ?
>> >> >> >
>> >> >> >
>> >> >> >--
>> >> >> >Regards,
>> >> >> >Bernard Cheah
>> >> >> >http://support.microsoft.com/
>> >> >> >
>> >> >> >
>> >> >> >"bimosekin" <bimosekin@hotmail.com> wrote in
>> message
>> >> >> >news:046d01c2f553$0284bf20$2f01280a@phx.gbl...
>> >> >> >> In trying to harden security on our
W2K/IIS5.1, I
>> >> >> enable
>> >> >> >> the enabled the "Additional Restrictions for
>> >> Anonymous
>> >> >> >> Connections" by setting the option to "2 - No
>> access
>> >> >> >> without explicit anonymous permission, on
>> the "local
>> >> >> >> security" configuration.
>> >> >> >>
>> >> >> >> This is working fine, however, I have some
users'
>> >> >> account
>> >> >> >> on the system who connect through FTP. The
funny
>> >> >> thing is
>> >> >> >> that some succeeds while some fails, even when
>> they
>> >> >> are in
>> >> >> >> the same group. These users' have appropriate
>> NTFS
>> >> >> >> permission on their respective FTP folder. They
>> can
>> >> >> >> connect again once I reset this option
to "0". I
>> >> have
>> >> >> >> make sure that "everyone" do not have denied
>> >> permission
>> >> >> >> anywhere, and there is no where the failing
>> users'
>> >> have
>> >> >> >> restriction permission on their respective
>> folder.
>> >> >> >>
>> >> >> >> Where should I check again?
>> >> >> >
>> >> >> >
>> >> >> >.
>> >> >> >
>> >> >
>> >> >
>> >> >.
>> >> >
>> >
>> >
>> >.
>> >
>
>
>.
>



Relevant Pages

  • Re: Additional Restrictions - option
    ... you should run filemon on the ftp server. ... >>the 'some other users' have some permission and rights> issue. ... >>> bimoseekin ...
    (microsoft.public.inetserver.iis.security)
  • Re: Server Application Unavailable [have to reinstall ASP.NET after each reboot]
    ... This could be a permission issue. ... Clean the EventLog if required. ... Run RegMon & FileMon ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Additional Restrictions - option
    ... is the ftproot permission same as the ... physical folder redirect root folder? ... I have> already created different virtual directories and> respective users having NTFS permission. ... >>filemon will show you this as well. ...
    (microsoft.public.inetserver.iis.security)
  • RE: IE in Win 2000 TS
    ... You can use Filemon & Regmon to determine which files or registry keys users need permission to access w/o giving them administrative rights & permissions. ... Microsoft MVP - Terminal Server ...
    (microsoft.public.win2000.termserv.apps)
  • Re: FTP problem with more than 2 users configured
    ... I ran filemon on the ftp server. ... The home folder is on the local ... >>> Bernard Cheah ...
    (microsoft.public.inetserver.iis.ftp)