Re: restricting access in IIS6 with NTFS

From: GCF (GCF_at_discussions.microsoft.com)
Date: 08/23/05 

Date: Mon, 22 Aug 2005 18:03:02 -0700

Sorry if I posted in the wrong forum, but you answered my question and we
have solved the problem. Thanks!

"David Wang [Msft]" wrote:

> This really isn't an IIS question. It's a basic Windows ACL question.
>
> If you want to restrict access to a resource to a certain subset, then you
> should only have the ACLs for that subset on the resource.
>
> In your case, it is "Authenticated Users" that is allowing additional users
> access. Interactive relates to how a user logged onto the server; IIS does
> not use interactive logon.
>
> However, if a user that is NOT in that subset can log onto the server
> machine itself, they will have access to the content. This is why physical
> security is also important for a server...
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no rights.
> //
> "GCF" <GCF@discussions.microsoft.com> wrote in message
> news:B4A0BA54-F029-4931-9DBF-B6031EEBB7BF@microsoft.com...
> Hi,
>
> I am trying to restrict a simple html web page (no written security around
> it) to a subset of the domain users. In IIS, I have de-selected the
> Anonymous
> User and selected Win Integrated.
>
> For folder permissions where the html page is located, I have an Admin group
> and a User group. The User group contains NT Authority/Authenticated Users
> (S-1-5-11), NT Authority/Interactive(S-1-5-4) and a list of users that will
> be allowed access.
>
> When I try to have someone not in the list of specific users, they can bring
> up the page. Is this b/c of the NT Authority/Authenticated Users (S-1-5-11),
> NT Authority/Interactive(S-1-5-4)? Does this allow all users on the domain
> to
> access the page? And if so, can I remove them?
>
> Thanks,
> GCF
>
>
>
>

Relevant Pages

  • Re: Need help with Apache configuration. Broken images and css
    ... # This file contains all configuration options ... # tsl 11/05/2001: Added password protection for NIN Senior Health ... # General Server Configuration options ... # Currently restrict access to NLM ...
    (comp.infosystems.www.servers.unix)
  • Re: compromised server
    ... Restrict access to your box using IP Firewall services. ... the less secure your server is. ... will enable you to view various programs and ports being use. ... In anycase being hacked rootkits install various programs to setup setuid ...
    (FreeBSD-Security)
  • Re: Ask EU- Webcams
    ... If you are running a webserver on your own PC you are solely responsible for the security and setup for that server. ... If your website generates abnormally high hit levels or generates ... you may run other servers but be aware that we reserve the right to restrict access to them should they cause network problems or should we receive complaints from other customers. ... mike dot mcmillan at ntlworld dot com ...
    (uk.media.radio.archers)
  • Re: Need help with Apache configuration. Broken images and css
    ... # tsl 11/05/2001: Added password protection for NIN Senior Health ... # General Server Configuration options ... AllowOverride None ... # Currently restrict access to NLM ...
    (comp.infosystems.www.servers.unix)
  • Re: Mount HD from different PC without Login
    ... the server does not have USB. ... | As in a workgroup environment users would have to logon on each 'server' ... | still need to restrict access), I want to mount the HD in a transparent ... without entering their passwords again (and ...
    (microsoft.public.win2000.file_system)