Re: IIS 5 allows anonymous editing via Frontpage



Then you need to verify what account(s) are in the authoring group, and
that the browse group is not used to give excess NTFS permissions.
Also, check members of any other group that has NTFS grants that
are equal to or more liberal than what is given to the authors group.
In saying check the members, I mean check not in the FP admin page
but in Computer Management (compmgmt.msc).

One quick way out of this might be to use the selection in All Tasks
to revert the FP web to a VDir. This should get rid of all traces of
FrontPage grants. Then, delete the auto-generated groups. Perhaps
then also set permissions on the content from the top inherited to all
(such as Administrators Full, IUsr_ Read). Finally then convert it
back to a FP web and grant authorship using the FP admin page.
If this is the entire site, not just a web, one could do the same thing
except one extends the site and has a little more work to do to
revert to an unextended site compared to use of revert FP web to
VDir task. At that point, if one needed to remove from site, I would
consider uninstall of the FP2000 extensions and then have only the
FP2002 extensions installed.
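
The check described in the reply above, as an added example that is not part of the original post: it parses simple `cacls` output for a content directory, flags principals whose NTFS grant is equal to or more liberal than the authors group's, and flags broad accounts inside those groups. The server, group and account names are constructed placeholders, and ranking the rights letters N < R < W < C < F is a simplifying assumption.

```python
import re

# Assumed ordering of cacls rights letters, least to most liberal:
# None < Read < Write < Change < Full (a simplification for this example).
RANK = {"N": 0, "R": 1, "W": 2, "C": 3, "F": 4}

# Constructed sample: `cacls` output for the content directory and local group
# membership as read from Computer Management. All names are hypothetical.
PATH = r"C:\Inetpub\wwwroot"
CACLS_OUTPUT = r"""C:\Inetpub\wwwroot BUILTIN\Administrators:(OI)(CI)F
                   WEB01\Example_Authors:(OI)(CI)C
                   WEB01\Example_Browsers:(OI)(CI)C
                   WEB01\IUSR_WEB01:(OI)(CI)R
                   Everyone:(OI)(CI)R
"""
MEMBERS = {
    r"WEB01\Example_Authors": [r"WEB01\dev1", r"WEB01\IUSR_WEB01"],
    r"WEB01\Example_Browsers": ["Everyone"],
}

def parse_cacls(text, path):
    """Return {principal: rights letter} from simple one-letter cacls entries."""
    acl = {}
    for line in text.splitlines():
        entry = line.replace(path, "", 1).strip()
        if ":" not in entry:
            continue
        who, rights = entry.rsplit(":", 1)
        letter = re.sub(r"\([A-Z]+\)", "", rights).strip()  # drop (OI)(CI) flags
        if letter in RANK:
            acl[who] = letter
    return acl

def audit(acl, members, authors):
    """Flag grants >= the authors grant, then broad accounts in those groups."""
    floor = RANK[acl[authors]]
    findings = [f"{who} has {r}, equal to or above authors ({acl[authors]})"
                for who, r in acl.items() if who != authors and RANK[r] >= floor]
    for group, people in members.items():
        if group in acl and RANK[acl[group]] >= floor:
            for m in people:
                if m == "Everyone" or "IUSR_" in m.upper():
                    findings.append(f"{group} contains broad account {m}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_cacls(CACLS_OUTPUT, PATH), MEMBERS, r"WEB01\Example_Authors"):
        print(finding)
```
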

"Tim100873" <Tim100873@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B6FE3F42-4036-4DA2-9BA8-669DF2C3A6D0@xxxxxxxxxxxxxxxx
Hi,

I verified the sites are on NTFS, and all three groups - Authors, Admins,
and Browsers are present in Computer Manager as groups for each site.

If I leave enable Authoring checked on the Server Extensions tab for each
site, then no developer can attach to the sites to work on, but if I leave
it enabled, anyone on the planet can load the sites and do whatever they
want with them.

Thanks,
Tim

"Roger Abell [MVP]" wrote:

It sounds like you are storing the website content on a FAT instead
of an NTFS volume.

"Tim100873" <Tim100873@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A7DC80EB-663B-4D2A-A8AC-DF2D1D2629C4@xxxxxxxxxxxxxxxx
Greetings,
We are running IIS 5, and have run the lockdown tool (2.1) using the FPEx
template. We have noticed that anyone that opens the website inside
Frontpage can edit the contents of all websites on this server without
being prompted for a password. We hope this is a simple misconfiguration
issue and not an undocumented feature. Any advice you may have will be
greatly appreciated. At present, we have turned off the Authoring feature
on all our websites. This is not ideal, but effective for the moment.
Thanks for any suggestions.





