Re: restricting access in IIS6 with NTFS

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 08/22/05

  • Next message: David Wang [Msft]: "Re: Limited rights in IIS6?" 
    Date: Mon, 22 Aug 2005 13:11:52 -0700

    This really isn't an IIS question. It's a basic Windows ACL question.

    If you want to restrict access to a resource to a certain subset, then you
    should only have the ACLs for that subset on the resource.

    In your case, it is "Authenticated Users" that is allowing additional users
    access. Interactive relates to how a user logged onto the server; IIS does
    not use interactive logon.

    However, if a user that is NOT in that subset can log onto the server
    machine itself, they will have access to the content. This is why physical
    security is also important for a server... 

    -- 
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"GCF" <GCF@discussions.microsoft.com> wrote in message
news:B4A0BA54-F029-4931-9DBF-B6031EEBB7BF@microsoft.com...
Hi,
I am trying to restrict a simple html web page (no written security around
it) to a subset of the domain users. In IIS, I have de-selected the
Anonymous
User and selected Win Integrated.
For folder permissions where the html page is located, I have an Admin group
and a User group. The User group contains NT Authority/Authenticated Users
(S-1-5-11), NT Authority/Interactive(S-1-5-4) and a list of users that will
be allowed access.
When I try to have someone not in the list of specific users, they can bring
up the page. Is this b/c of the NT Authority/Authenticated Users (S-1-5-11),
NT Authority/Interactive(S-1-5-4)? Does this allow all users on the domain
to
access the page? And if so, can I remove them?
Thanks,
GCF
  • Next message: David Wang [Msft]: "Re: Limited rights in IIS6?"

    Relevant Pages

    • HTTP Error 401.3 only in Netscape and Safari, not Internet Explorer?!
      ... I'm on Windows 2000, running IIS, ... the resource I'm accessing is a CGI executable ... If I use any other web browser besides internet explorer i ...
      (microsoft.public.inetserver.iis)
    • Re: IIS (or ASP.NET) stops sending a file after only a few hundred byt
      ... get a network trace of the exact request that hangs (along with the ... I think might be an IIS issue. ... A page - ResourceLoader.aspx - takes a parameter named Resource that holds ... always hangs until the browser timeouts, ...
      (microsoft.public.inetserver.iis)
    • Re: asp.net application not resolving relative paths (similar issue)
      ... Server Error in '/AccountClient' Application. ... The resource you are looking for(or one of its ... Is IIS storing the web.config in it when the application first started?. ... ISAPI filter tab. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: 401.3 frustration
      ... please indicate what user is actually authenticated to IIS as well as ... the ACLs on the resource. ... This posting is provided "AS IS" with no warranties, and confers no rights. ... disabled and basic authentication selected. ...
      (microsoft.public.inetserver.iis.security)
    • RE: localhost vs. macinename in URL (access denied)
      ... Whenever you access resources not on the local IIS server you are creating ... IIS machine and you access the resource using localhost in the browser this ... permissions on the remote machine then you will be able to gain access to ... Run the process as a Domain Account in the machine.config file ...
      (microsoft.public.dotnet.security)