Another IIS Permissions Question

From: Jonathan W. (
Date: 01/23/04

    Date: 22 Jan 2004 20:16:21 -0800

    I'm trying to straighten out a mess at my new office on a web server
    running IIS5 on Win2000.

    Running basically as an ISP, have 8 websites running on the IIS
    server, with FrontPage Server Extensions installed.

    Most of our clients aren't allowed to upload their own files, however,
    a couple sites need the ability to upload & change their site as
    needed, so we have created FPSE accounts for each of those clients.

    Problem is that either of those accounts, which can be used to
    upload/change using either FP or directly thru FTP can browse all of
    the other sites on the server -- not just their own. So, person-A
    from Website-A can browse Website-B, C, and so on.

    The other odd thing is that whenever you FTP into the server using the
    person's account, it defaults to the wwwroot folder, which means you
    can see everything inside -- which again, is all the websites.

    So, 2 main questions:
    1. Why is it that when you FTP into a specific site that it defaults
    to the wwwroot directory, and not the specific website you're FTP'ing
    2. How can I keep this website administrator from browsing all of the

    Here are the permissions...

    Permissions are set as follows:
    -Administrators: Full Control
    -Everyone: Read
    -Interactive: List Folder Contents
    -System: List Folder Contents
    -Network: List Folder Contents

    Permissions on the Website in Question:
    -Administrators: Full Control
    -(Account used to administer the server from the client site): Full
    -IUSR Account: Read

    Permissions on another random Website on the same server:
    -Administrators: Full Control
    -System: List Folder Contents
    -Network: List Folder Contents
    -(Several OWS accounts for FPSE): List Folder Contents
