Re: IIS ignoring NTFS Deny Permissions

From: Bernard Cheah [MVP] (qbernard_at_hotmail.com.discuss)
Date: 10/25/05

Next message: Bernard Cheah [MVP]: "Re: Integerated Authentication Not Work?"
Previous message: Bob [MSFT]: "Re: IIS 6.0, Old Credentials"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 25 Oct 2005 11:18:06 +0800

You don't have much choice, as Group2 access the remote share impersonate as
the connectas user.
If both machine under the same domain, then try pass-through authentication
and specifically deny access for group2 at remoteshare.
How to Enable Pass-through Authentication for UNC Virtual Directories
http://support.microsoft.com/?id=214806

-- 
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/
"Ishmealm" <Ishmealm@discussions.microsoft.com> wrote in message 
news:6F3725BA-1864-4534-8777-46F6877CA669@microsoft.com...
> Hi,
>      I'm running IIS 5.0.  I have a virtual directory that resides on
> another server.  The folder that the virtual directory connects to has 
> Share
> permissions of Everyone "Change" and NTFS perms of 4 groups:
> Admins- Full Control
> Group1- Modify
> Group2- Deny (Full Control)
> ConnectAsSVCACCT- Read (Account I use in IIS for connect As)
>
> I have multiple users in Group2 that can access files inside of the above
> directory (all rights are inherited) through the web, but not through the
> share or by coming in from a higher share and drilling down.  My IIS perms
> are setup to use Basic authenication with SSL (no Anonymous or IWA). 
> Since
> the folder that the vd connects to is on another server, I use the connect 
> as
> acct listed above and have Read/Directory Browsing/Index this resource/Log
> Visits enable.  The contents of the directory are xls, pdf, and html
> documents.  I can't figure out why IIS is bypassing my NTFS security.  I 
> had
> a similar issue with ColdFusion files, but it was a known issue by 
> Macromedia:
> http://www.macromedia.com/devnet/security/security_zone/mpsb03-02.html
>
> Any help is greatly appreciated!
> Ishmeal

Next message: Bernard Cheah [MVP]: "Re: Integerated Authentication Not Work?"
Previous message: Bob [MSFT]: "Re: IIS 6.0, Old Credentials"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Win2k IIS5 FTP Server Error
... If you don't type the username and password, ... How to Enable Pass-Through Authentication for FTP UNC Virtual Directories ... the kb also explained the red error sign in virtual directory, ...
(microsoft.public.inetserver.iis.security)
Re: Securing remote virtual drives
... How to Enable Pass-Through Authentication for FTP UNC Virtual Directories ... > I need to create a virtual directory on my FTP server. ... > accounts and allow full access on other accounts. ...
(microsoft.public.inetserver.iis.ftp)