Another IIS Permissions Question

From: Jonathan W. (CT1705_at_hotmail.com)
Date: 01/23/04

    Date: 22 Jan 2004 20:16:21 -0800

    I'm trying to straighten out a mess at my new office on a web server
    running IIS5 on Win2000.

    Running basically as an ISP, have 8 websites running on the IIS
    server, with FrontPage Server Extensions installed.

    Most of our clients aren't allowed to upload their own files, however,
    a couple sites need the ability to upload & change their site as
    needed, so we have created FPSE accounts for each of those clients.

    Problem is that either of those accounts, which can be used to
    upload/change using either FP or directly thru FTP can browse all of
    the other sites on the server -- not just their own. So, person-A
    from Website-A can browse Website-B, C, and so on.

    The other odd thing is that whenever you FTP into the server using the
    person's account, it defaults to the wwwroot folder, which means you
    can see everything inside -- which again, is all the websites.

    So, 2 main questions:
    1. Why is it that when you FTP into a specific site that it defaults
    to the wwwroot directory, and not the specific website you're FTP'ing
    into?
    2. How can I keep this website administrator from browsing all of the
    directories?

    Here are the permissions...

    Permissions are set as follows:
    -Administrators: Full Control
    -Everyone: Read
    -Interactive: List Folder Contents
    -System: List Folder Contents
    -Network: List Folder Contents

    Permissions on the Website in Question:
    -Administrators: Full Control
    -(Account used to administer the server from the client site): Full
    Control
    -IUSR Account: Read

    Permissions on another random Website on the same server:
    -Administrators: Full Control
    -System: List Folder Contents
    -Network: List Folder Contents
    -(Several OWS accounts for FPSE): List Folder Contents

