Re: WebDav Permissions for Operators groups



But it seems that WebDav could bypass NTFS security; give it a try.
The ACEs I wrote in my initial post are the "complete list"; see below, where I
add the output of xcacls.

Roman

########################################################################

D:\Temp>XCACLS.vbs d:\Temp\Read
Starting XCACLS.VBS (Version: 5.2) Script at 18.10.2007 10:22:05

Startup directory:
"D:\Temp"

Arguments Used:
Filename = "d:\Temp\Read"

**************************************************************************
Directory: D:\Temp\Read

Permissions:
Type Username Permissions Inheritance

Allowed OITO01V\ladmin Full Control This Folder, Subfolde
Allowed OITO01V\User1 Read and Execute This Folder, Subfolde

No Auditing set

Owner: OITO01V\ladmin
**************************************************************************

Operation Complete
Elapsed Time: 0,53125 seconds.

Ending Script at 18.10.2007 10:22:06


"Ken Schaefer" <kenREMOVE@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:ugIJwbIEIHA.5208@xxxxxxxxxxxxxxxxxxxxxxx
What are all the access control entries on that folder? Users can not
bypass NTFS permissions (except when using backup APIs, and they have the
"backup system" security privilege)

Cheers
Ken

--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken


"Roman" <rb_bu@xxxxxxxxxxx> wrote in message
news:%23jgZX2wDIHA.4684@xxxxxxxxxxxxxxxxxxxxxxx
I have a standalone Windows 2003 Server SP1 with IIS 6.0 and WebDav
enabled (an AD-integrated server has the same behaviour).
A Folder on the server is mounted as Virtual Directory, which has the
following NTFS permissions:

User1: Read & Execute, List Folder Contents, Read
User2: Full Control (for administration)

User1 is member of the group Users

==> everything is working, the User1 has only read access through WebDav
and through Windows Explorer on the server.

Now my Problem:
I add the User to the "Backup Operators" group (the problem also exists if
I add the User1 to "Server Operators" or "Administrators" groups)

==> Through WebDav the User1 is now able to create Folders, delete Files
and Folders, through Windows Explorer (local at the server) the User1 has
still read only permissions.

Is the problem known?
Is a hotfix or a knowledge base article available for this problem? (I
didn't find something.)
Is the problem solved with Service Pack 2?
Is a workaround available (except "remove the user from the group ...")?

Thanks!
Roman





