Re: Website allows everyone in, not matter what
From: Tom Pennington (NONEt2pennington_at_comcast.net)
Date: 06/25/04
- Next message: no_spam_at_hotmail.com: "Re: Russian IIS hack? Malicious Javascript code"
- Previous message: AndyMac: "Re: Russian IIS hack? Malicious Javascript code"
- In reply to: Ken Schaefer: "Re: Website allows everyone in, not matter what"
- Next in thread: Chris Martin: "RE: Website allows everyone in, not matter what"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 25 Jun 2004 08:17:27 -0400
Administrator: Full Access
IUSR_Servername: Deny Full Access
"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:%23WKM7fmWEHA.500@TK2MSFTNGP09.phx.gbl...
> What are the NTFS permissions for the file/folder in question?
>
> Cheers
> Ken
>
>
> "Tom Pennington" <NONEt2pennington@comcast.net> wrote in message
> news:ummdzZkWEHA.1368@TK2MSFTNGP10.phx.gbl...
> : Okay, I have created a web site that is open to the public, yet there
are
> : pieces that need username/passwords to be able to get in, at least I
> : thought.
> :
> : NTFS Permissions are set so that only members of a particular group can
> get
> : to this directory, IIS Admin has this directory set to not allow
Anonymous
> : access, yet people can get in. Here's the scenerio:
> :
> : 1. User is created in AD and put into a particular group (i.e.
> NO-Access).
> : 2. User (member of NO-Access group) goes to part of my web site and it
> : comes up and prompts for a username/password.
> : 3. If the user types in the username and password, they can get in. If
> : they click on cancel, then they get the 401.2 (unauthorized) error,
which
> is
> : what I would expect.
> :
> : I'm baffled. I've checked the effective permissions for this user and
> : according to NT, they do not any rights to the directory or the file in
> : question, yet they can still get in. The error log shows error 200 0,
> which
> : means they got in with a valid username/password.
> :
> : The environment is: Windows 2003 (fully patched), IIS6 and NTFS for the
> : drives.
> :
> : HELP!!!
> :
> : thanks,
> : Tom
> :
> :
>
>
- Next message: no_spam_at_hotmail.com: "Re: Russian IIS hack? Malicious Javascript code"
- Previous message: AndyMac: "Re: Russian IIS hack? Malicious Javascript code"
- In reply to: Ken Schaefer: "Re: Website allows everyone in, not matter what"
- Next in thread: Chris Martin: "RE: Website allows everyone in, not matter what"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
