|
Home > Archive > IIS Server Security > April 2005 > Traverse rights - yet can read files. Help?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Traverse rights - yet can read files. Help?
|
|
| ben.werdmuller@sbs.ox.ac.uk 2005-04-26, 7:48 am |
| Hi all,
I've got an IIS webserver where I need some users (authenticated using
active directory) to have traverse rights through a directory but *not*
rights to read or execute any of the files in it. I've set up a
particular group with traversal rights with no read/execute, yet try as
I might, I can't prevent them from opening the files.
Anyone got any idea what the problem might be? Is this just not
possible in IIS, or is there some rights management thing I've
forgotten to take into account? It's driving me nutty ...
Cheers,
Ben
| |
| David Wang [Msft] 2005-04-27, 2:48 am |
| I'm not an NTFS ACL expert, but this definitely is not an IIS security
issue. You need to ask this in a core Windows Security group about how NT
ACLs work. I do not think you set up the NTFS ACLs correctly because the
"List" and "Read" permissions should already be able to control whether a
user can list files and look inside of each file.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
<ben.werdmuller@sbs.ox.ac.uk> wrote in message
news:1114509553.650027.313410@f14g2000cwb.googlegroups.com...
Hi all,
I've got an IIS webserver where I need some users (authenticated using
active directory) to have traverse rights through a directory but *not*
rights to read or execute any of the files in it. I've set up a
particular group with traversal rights with no read/execute, yet try as
I might, I can't prevent them from opening the files.
Anyone got any idea what the problem might be? Is this just not
possible in IIS, or is there some rights management thing I've
forgotten to take into account? It's driving me nutty ...
Cheers,
Ben
| |
| Jeff Cochran 2005-04-27, 5:57 pm |
| On 26 Apr 2005 02:59:13 -0700, ben.werdmuller@sbs.ox.ac.uk wrote:
>I've got an IIS webserver where I need some users (authenticated using
>active directory) to have traverse rights through a directory but *not*
>rights to read or execute any of the files in it. I've set up a
>particular group with traversal rights with no read/execute, yet try as
>I might, I can't prevent them from opening the files.
>
>Anyone got any idea what the problem might be? Is this just not
>possible in IIS, or is there some rights management thing I've
>forgotten to take into account? It's driving me nutty ...
Check rights to specific files. Make sure the user isn't in a group
that has access. Set NTFS permissions at the folder level to read,
but the file level to no access. You have to do it at the file level,
since to read the folder would by default allow read of the file.
Or rethink your directory structure, this is a fairly convoluted
security setup. Virtual folders could also solve the issue.
Jeff
|
|
|
|
|