Re: Website allows everyone in, not matter what

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 06/25/04

  • Next message: news.microsoft.com: "Re: Hope this may be of some help to those with coolwebsearch issues" 
    Date: Fri, 25 Jun 2004 13:54:00 +1000

    What are the NTFS permissions for the file/folder in question?

    Cheers
    Ken

    "Tom Pennington" <NONEt2pennington@comcast.net> wrote in message
    news:ummdzZkWEHA.1368@TK2MSFTNGP10.phx.gbl...
    : Okay, I have created a web site that is open to the public, yet there are
    : pieces that need username/passwords to be able to get in, at least I
    : thought.
    :
    : NTFS Permissions are set so that only members of a particular group can
    get
    : to this directory, IIS Admin has this directory set to not allow Anonymous
    : access, yet people can get in. Here's the scenerio:
    :
    : 1. User is created in AD and put into a particular group (i.e.
    NO-Access).
    : 2. User (member of NO-Access group) goes to part of my web site and it
    : comes up and prompts for a username/password.
    : 3. If the user types in the username and password, they can get in. If
    : they click on cancel, then they get the 401.2 (unauthorized) error, which
    is
    : what I would expect.
    :
    : I'm baffled. I've checked the effective permissions for this user and
    : according to NT, they do not any rights to the directory or the file in
    : question, yet they can still get in. The error log shows error 200 0,
    which
    : means they got in with a valid username/password.
    :
    : The environment is: Windows 2003 (fully patched), IIS6 and NTFS for the
    : drives.
    :
    : HELP!!!
    :
    : thanks,
    : Tom
    :
    :

  • Next message: news.microsoft.com: "Re: Hope this may be of some help to those with coolwebsearch issues"

    Relevant Pages

    • Website allows everyone in, not matter what
      ... Okay, I have created a web site that is open to the public, yet there are ... NTFS Permissions are set so that only members of a particular group can get ... User (member of NO-Access group) goes to part of my web site and it ... means they got in with a valid username/password. ...
      (microsoft.public.inetserver.iis.security)
    • RE: Anonymous logon and ISAPI in IIS 5
      ... dlls. ... When I checked NTFS permissions on those, anonymous users didn't have ... So is the disk on which the files for the web site are located. ...
      (microsoft.public.inetserver.iis.security)
    • SBS 2003 SharePoint question
      ... domain name points to the Default Web Site. ... I've got FrontPage 2003 running ... http://local_server_name I get a username/password prompt. ... I hope that I am posting this question to a suitable board. ...
      (microsoft.public.sharepoint.portalserver)
    • Re: Website allows everyone in, not matter what
      ... issue when using Coldfusion MX and IIS with NTFS permissions set. ... CF will bypass the NTFS permissions and allow ANY user to view ... should see a check box that says something about allowing anonymous access. ... access rights for different users on a web site. ...
      (microsoft.public.inetserver.iis.security)
    • Re: Blocking Anonymous IP addresses
      ... that IP address, then visit their web site or search google for their name, ... > Alternatively you could force people to supply a username/password when ... >> I run a hobby message board located off my computer (on ... >> poster in particular was banned but came back using an ...
      (microsoft.public.inetserver.iis.security)