Re: IIS 6 / FrontPage Group Isolation
From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 07/12/03
- Next message: Owen Goodfellow: "Re: Ummm...No they don't really"
- Previous message: Roger Abell [MVP]: "Re: IIS 6 / FrontPage Group Isolation"
- In reply to: Scott Muc: "Re: IIS 6 / FrontPage Group Isolation"
- Next in thread: Scott Muc: "Re: IIS 6 / FrontPage Group Isolation"
- Reply: Scott Muc: "Re: IIS 6 / FrontPage Group Isolation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 11 Jul 2003 23:27:20 -0700
"Scott Muc" <smuc@paconline.net> wrote in message
news:09e601c347f1$b682c620$a001280a@phx.gbl...
> Just found out something else. Extending FrontPage
> extensions puts NETWORK/INTERACTIVE and the custom FPSE
> group in the ACL only when the site was created using my
> ASP createsite script.
>
> If I create the site manually it works fine. Not sure it
> it will help but I'm attaching the code that creates a
> website : http://muc-central.com/createsite.txt
Hmmm. I do not really understand this behavior.
Your script, which by the way is quite similar to settings
that I use, does not do the FP extending (which of course
cannot be scripted - only shelled out to owsadm, repetitively)
<PS> From the script I see you likely are already using
separate iusr accounts (i.e. your iusername). However,
as I understand it, to effect similar for the IWAM with
IIS 6 you need to have an app pool per distinct authoring
ownership (sounds like a performance killer doesn't it ?)
Notice how that clarifies earlier response in other post
where I was thinking IIS5.
</PS>
>
> I guess I could create a site with my script, and another
> manually and do a diff on the metabase properties.
>
We think alike, after reading this last I just cut out from
further up where is now <PS>
<snipped>
So, I am assuming that if the IIS UI is used then there is some
other property set to which FPSE will pay attention, or I guess
it is feasible this is persisted somewhere other than the metabase.
It may be interesting to compare the XML for sites defined in the
two ways, adjust the script created one for any diffs before
extending . . . This would narrow down where something is
persisted that the FPSE obviously is paying attention to .
Over all, that you find a behavior like this is not too surprising.
Sort of like the old metabase property that a vDir/vWebdir was
a FP web, which seemed to stop doing anything at one version
although still there and documented as enabling the extending.
</snipped>
> This is getting way too complicated :-)
>
You have seen the half++ of it, to effect containment with
FPSE 02 in use. I have script to generate a security
configuration editor template to effect filesystem ACLing.
I script, much like your's, site definition and gen out a
bat file of owsadm commands to extend the web and
tie the groups that were earlier gen'd in script to FPSE
authoring role (and browse role for resticted access webs)
The most difficult part is discovering just what grants
are needed where for FPSE and IIS (but IIS is more
clear), and I have not yet begun to port the template
generator to the IIS6 case, as was no doubt obvious
in some earlier comments.
In my opinion you are on the right track, and it is
way too complicated.
Good luck,
Roger
- Next message: Owen Goodfellow: "Re: Ummm...No they don't really"
- Previous message: Roger Abell [MVP]: "Re: IIS 6 / FrontPage Group Isolation"
- In reply to: Scott Muc: "Re: IIS 6 / FrontPage Group Isolation"
- Next in thread: Scott Muc: "Re: IIS 6 / FrontPage Group Isolation"
- Reply: Scott Muc: "Re: IIS 6 / FrontPage Group Isolation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
