Re: Folder/Share security question

Ok, permissions were set exactly as you listed below, but still weren't
working correctly. Then I noticed the local Users group had special
permissions to the SHARE. Looking deeper, the Domain Users group (that
everyone is a member of) was a member of the local Users group, which in
turn had Create Folder & Create File permissions set. That was my culprit.
I have removed the Domain Users group from the local Users group and now all
is well. HR only has their 4 folders and Communications has all access
(except Full) Sheesh... Thanks so much for your help!!

Bill

<jwgoerlich@xxxxxxxxx> wrote in message
news:faf370f5-1d81-4f47-9f40-0f95529b6dfe@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Is Creator Owner have access to create files on wwwroot? That may be
why HR can.

Here is the explicit permissions that I have set on wwwroot:

Administrators: Full
IIS_WPG: Read & Execute, List Folder Contents, Read
IUSR_SERVER: Read & Execute, List Folder Contents, Read
SYSTEM: Full
HR: List Folder Contents
Main Dept: All but Full

On the Advanced Security Settings for wwwroot, I have [ ] Allow
inheritable permissions from the parent to propogate unchecked.

J Wolfgang Goerlich

On Jan 7, 11:40 am, "Bill Clark" <billclark@xxxxxxxxxxxx> wrote:
Hey Wolfgang, I followed what you suggested and here's what I get. Summary
of what I did:
On the SHARE (under permissions) - Granted HR group Change & Read
On the FOLDER (under security) - Granted HR group List Folder Contents
On 4 FOLDER(s) (under security) - Gratned HR group all but Full Control
On all other FOLDERs (under security) - HR group sows as List Folder
Contents only and is grayed out

Results from above, a member of the HR group can view everything (folders
&
files) under the WWWRoot shared folder and can also created folders &
files
in every folder under the WWWRoot shared folder. Does the "inheritable
permissions" checkbox have anything to do with this? I've double-checked
the setup in AD and the HR group only has 3 members (2 real and this test
one I'm using) and the Test account is NOT an admin of any sort. Ideas?

Bill


.

Relevant Pages

  • Re: Minimum NTFS Permissions - Theres such a thing???
    ... ?2001 Microsoft Corporation. ... HOW TO: Set Minimum NTFS Permissions Required for IIS 5.0 to Work WGID:198 ... " List Folder Contents" ...
    (microsoft.public.inetserver.iis.security)
  • Re: Unable to delete orphaned 1.5 GB System Restore folder
    ... The fact that the tech support is based in India has nothing to do with the ... If so you may want to leave this folder alone. ... down to all children folders because i can set those permissions to ... try deleting from the command line using system by using the AT ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Unable to delete orphaned 1.5 GB System Restore folder
    ... The only computers i fix are my own. ... If so you may want to leave this folder alone. ... it includes all subdirectories with inherited permissions. ... try deleting from the command line using system by using the AT ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Word mail merge data source
    ... "Peter Jamieson" wrote: ... Word on it) then there may be a problem if the folder containing the data ... Word builds a connection string. ... superset of other users' permissions - for example, ...
    (microsoft.public.word.vba.general)
  • RE: no OWA
    ... have the correct permissions was the "inetpub" folder. ... Correct the settings in IIS: ... click to check the "Hide All Microsoft Services" ...
    (microsoft.public.windows.server.sbs)