IIS FTP Server - IIS Security

Author

IIS Security

Jonathan Lerche

2005-12-21, 5:57 pm

Can I manage security per user/group to a home directory using NTFS
Permissions? For some reason, it appears that only FTP permissions are being
recognized. I setup a local user with Read & Execute NTFS permissions to a
directory and set the IIS/FTP security on the home directory to
Read/Write/Log and I can still write to the directory via FTP. I was under
the impression that If Web permissions and NTFS permissions differ for a
directory or file, the more restrictive settings are used. This does not
appear to be the case here.

Jonathan Lerche

2005-12-21, 5:57 pm

p.s. This is a windows 2003 server running IIS 6.0 and yes, i've read the
articles.

"Jonathan Lerche" wrote:

> Can I manage security per user/group to a home directory using NTFS
> Permissions? For some reason, it appears that only FTP permissions are being
> recognized. I setup a local user with Read & Execute NTFS permissions to a
> directory and set the IIS/FTP security on the home directory to
> Read/Write/Log and I can still write to the directory via FTP. I was under
> the impression that If Web permissions and NTFS permissions differ for a
> directory or file, the more restrictive settings are used. This does not
> appear to be the case here.

Bernard Cheah [MVP]

2005-12-22, 2:58 am

Not in my testing

The most restrictive will be applied. Are you sure the user doesn't belong
to a user group that have access to the folder or file?
Create a new user to test it......
--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://www.msmvps.com/blogs/bernard/

"Jonathan Lerche" <JonathanLerche@discussions.microsoft.com> wrote in
message news:38F2766C-C19E-42F4-8D77-618A0243453B@microsoft.com...[vbcol=seagreen]
> p.s. This is a windows 2003 server running IIS 6.0 and yes, i've read the
> articles.
>
> "Jonathan Lerche" wrote:
>

Jonathan Lerche

2005-12-22, 7:49 am

Bernard, thanks for your help/resposne.

I "re-tested" and found that there was a rather severe ID10T error.

IIS Perms: Read, Write, Log
NTFS Perms: Deny Write
Put Result: Access Denied

IIS Perms: Read, Write, Log
NTFS Perms: Modify
Put Result: Can write to directory.

IIS Perms: Read, Log
NTFS Perms: Modify
Put Result: Access Denied

IIS Perms: Read, Write, Log
NTFS Perms: Read & Execute/List/Read
Put Result: Access Denied

As you would expect.

Anyhow, I think it's time to fess up.
During my testing i was enabling the "modify" permission, that of course
also enables the "write" permission. However, when unchecking the "modify"
permission it leaves the "write" permission enabled... thus the ID10T.

Thanks again for your time and I hope this helps someone else out.

-Jonathan

"Bernard Cheah [MVP]" wrote:

> Not in my testing

> The most restrictive will be applied. Are you sure the user doesn't belong
> to a user group that have access to the folder or file?
> Create a new user to test it......
> --
> Regards,
> Bernard Cheah
> http://www.iis-resources.com/
> http://www.iiswebcastseries.com/
> http://www.msmvps.com/blogs/bernard/
>
>
> "Jonathan Lerche" <JonathanLerche@discussions.microsoft.com> wrote in
> message news:38F2766C-C19E-42F4-8D77-618A0243453B@microsoft.com...
>
>
>

Jonathan Lerche

2005-12-22, 5:57 pm

Secondly, the local Users group is granted special write permissions to newly
created directories.

"Bernard Cheah [MVP]" wrote:

> Not in my testing

Bernard Cheah [MVP]

2005-12-25, 2:48 am

Don't quite get your previous msgs. so does this mean, you have fixed your
problem?

--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/

"Jonathan Lerche" <JonathanLerche@discussions.microsoft.com> wrote in
message news:724394A8-2ED8-490F-A842-7279F47FB3B4@microsoft.com...[vbcol=seagreen]
> Secondly, the local Users group is granted special write permissions to
> newly
> created directories.
>
> "Bernard Cheah [MVP]" wrote:
>