Does Visual Interdev use an account to gain access to a remote web
server or does IIS treat it as an anonymous guest user? We have web
developers who insist on having FPSE installed on the production server
but the problem is we also have other people in our WAN who have
Interdev installed (other subnets) and can reach and read source codes
on the server. This of course is a big issue with them but they also
don't want to lose FPSE. In the past I've always had web teams install
FPSE on an anonymous test server and then ftp/copr-n-paste their
changes onto the production site but in this situation it looks like I
can't do that... yet. How do you all lock down FPSE if it were placed
on a web server that's public and accessible to the public? 

[ Post a follow-up to this message ]

Hi,

The answer to this question depends on which version of FPSE you are using.

For FPSE2000 (which ships with IIS5.0), the configuration of FPSE offers to
create three local groups (admins, authors and browsers). If you do not
choose to create these groups, you can run into problems such as what you
are experiencing. You should create these groups, and place the necessary
users into each group. FPSE2000 uses NTFS permissions to control access to
files. Provided you create the groups, and the other users are not in the
Authors or Admins group, they won't be able to get access to source code.

For FPSE2002 (which ships with IIS6.0, and can be installed on IIS5.0 as
well), you can either use Window accounts or non-Windows accounts to control
access. Again, ensuring that not everyone has access to source does rely on
configuring this properly.

Cheers
Ken

"psychogenic" <angrylife@gmail.com> wrote in message
news:1142266858.900163.228620@z34g2000cwc.googlegroups.com...
: Does Visual Interdev use an account to gain access to a remote web
: server or does IIS treat it as an anonymous guest user? We have web
: developers who insist on having FPSE installed on the production server
: but the problem is we also have other people in our WAN who have
: Interdev installed (other subnets) and can reach and read source codes
: on the server. This of course is a big issue with them but they also
: don't want to lose FPSE. In the past I've always had web teams install
: FPSE on an anonymous test server and then ftp/copr-n-paste their
: changes onto the production site but in this situation it looks like I
: can't do that... yet. How do you all lock down FPSE if it were placed
: on a web server that's public and accessible to the public? 
:

[ Post a follow-up to this message ]

Yes, its version 2000 (its on IIS 5.0). As it is set now, the Everyone
group is currently given Browser role. However, anyone with Interdev
installed can still read the source codes.

Ken Schaefer wrote:
> Hi,
>
> The answer to this question depends on which version of FPSE you are using
.
>
> For FPSE2000 (which ships with IIS5.0), the configuration of FPSE offers t
o
> create three local groups (admins, authors and browsers). If you do not
> choose to create these groups, you can run into problems such as what you
> are experiencing. You should create these groups, and place the necessary
> users into each group. FPSE2000 uses NTFS permissions to control access to
> files. Provided you create the groups, and the other users are not in the
> Authors or Admins group, they won't be able to get access to source code.
>
> For FPSE2002 (which ships with IIS6.0, and can be installed on IIS5.0 as
> well), you can either use Window accounts or non-Windows accounts to contr
ol
> access. Again, ensuring that not everyone has access to source does rely o
n
> configuring this properly.
>
> Cheers
> Ken
>
> "psychogenic" <angrylife@gmail.com> wrote in message
> news:1142266858.900163.228620@z34g2000cwc.googlegroups.com...
> : Does Visual Interdev use an account to gain access to a remote web
> : server or does IIS treat it as an anonymous guest user? We have web
> : developers who insist on having FPSE installed on the production server
> : but the problem is we also have other people in our WAN who have
> : Interdev installed (other subnets) and can reach and read source codes
> : on the server. This of course is a big issue with them but they also
> : don't want to lose FPSE. In the past I've always had web teams install
> : FPSE on an anonymous test server and then ftp/copr-n-paste their
> : changes onto the production site but in this situation it looks like I
> : can't do that... yet. How do you all lock down FPSE if it were placed
> : on a web server that's public and accessible to the public? 
> :

[ Post a follow-up to this message ]

Who is in the Author and Admin groups?

If you right-click on the website in the IIS Manager, there is an option to
"tighten FPSE security" which you can run to fix up NTFS ACLs.

Just becuase someone has Interdev doesn't mean they should be able to view
source-code. Permissions are checked on the server, regardless of the type
of client connecting.

Cheers
Ken


"psychogenic" <angrylife@gmail.com> wrote in message
news:1142361043.090261.146810@z34g2000cwc.googlegroups.com...
: Yes, its version 2000 (its on IIS 5.0). As it is set now, the Everyone
: group is currently given Browser role. However, anyone with Interdev
: installed can still read the source codes.
:
: Ken Schaefer wrote:
: > Hi,
: >
: > The answer to this question depends on which version of FPSE you are
using.
: >
: > For FPSE2000 (which ships with IIS5.0), the configuration of FPSE offers
to
: > create three local groups (admins, authors and browsers). If you do not
: > choose to create these groups, you can run into problems such as what
you
: > are experiencing. You should create these groups, and place the
necessary
: > users into each group. FPSE2000 uses NTFS permissions to control access
to
: > files. Provided you create the groups, and the other users are not in
the
: > Authors or Admins group, they won't be able to get access to source
code.
: >
: > For FPSE2002 (which ships with IIS6.0, and can be installed on IIS5.0 as
: > well), you can either use Window accounts or non-Windows accounts to
control
: > access. Again, ensuring that not everyone has access to source does rely
on
: > configuring this properly.
: >
: > Cheers
: > Ken
: >
: > "psychogenic" <angrylife@gmail.com> wrote in message
: > news:1142266858.900163.228620@z34g2000cwc.googlegroups.com...
: > : Does Visual Interdev use an account to gain access to a remote web
: > : server or does IIS treat it as an anonymous guest user? We have web
: > : developers who insist on having FPSE installed on the production
server
: > : but the problem is we also have other people in our WAN who have
: > : Interdev installed (other subnets) and can reach and read source codes
: > : on the server. This of course is a big issue with them but they also
: > : don't want to lose FPSE. In the past I've always had web teams install
: > : FPSE on an anonymous test server and then ftp/copr-n-paste their
: > : changes onto the production site but in this situation it looks like I
: > : can't do that... yet. How do you all lock down FPSE if it were placed
: > : on a web server that's public and accessible to the public? 
: > :
:

[ Post a follow-up to this message ]

Hmmm, I don't see anywhere within the admin pages to view who are in
the Admin and Author groups. From the Users and Roles section, I see
Change anon access settings, and Click here to add or delete accounts,
Manage Users, Roles, and Send an invitation, but nothing that I can see
which manages groups.

Ken Schaefer wrote:
> Who is in the Author and Admin groups?
>
> If you right-click on the website in the IIS Manager, there is an option t
o
> "tighten FPSE security" which you can run to fix up NTFS ACLs.
>
> Just becuase someone has Interdev doesn't mean they should be able to view
> source-code. Permissions are checked on the server, regardless of the type
> of client connecting.
>
> Cheers
> Ken
>
>
> "psychogenic" <angrylife@gmail.com> wrote in message
> news:1142361043.090261.146810@z34g2000cwc.googlegroups.com...
> : Yes, its version 2000 (its on IIS 5.0). As it is set now, the Everyone
> : group is currently given Browser role. However, anyone with Interdev
> : installed can still read the source codes.
> :
> : Ken Schaefer wrote:
> : > Hi,
> : >
> : > The answer to this question depends on which version of FPSE you are
> using.
> : >
> : > For FPSE2000 (which ships with IIS5.0), the configuration of FPSE offe
rs
> to
> : > create three local groups (admins, authors and browsers). If you do no
t
> : > choose to create these groups, you can run into problems such as what
> you
> : > are experiencing. You should create these groups, and place the
> necessary
> : > users into each group. FPSE2000 uses NTFS permissions to control acces
s
> to
> : > files. Provided you create the groups, and the other users are not in
> the
> : > Authors or Admins group, they won't be able to get access to source
> code.
> : >
> : > For FPSE2002 (which ships with IIS6.0, and can be installed on IIS5.0 
as
> : > well), you can either use Window accounts or non-Windows accounts to
> control
> : > access. Again, ensuring that not everyone has access to source does re
ly
> on
> : > configuring this properly.
> : >
> : > Cheers
> : > Ken
> : >

[ Post a follow-up to this message ]

Hi,

Are you sure you are using FPSE2000? If so, the groups in question are NT
user groups. Use Computer Management MMC Administrative Tool to view local
user groups.

Cheers
Ken

"psychogenic" <angrylife@gmail.com> wrote in message
news:1142438428.765428.320520@i39g2000cwa.googlegroups.com...
: Hmmm, I don't see anywhere within the admin pages to view who are in
: the Admin and Author groups. From the Users and Roles section, I see
: Change anon access settings, and Click here to add or delete accounts,
: Manage Users, Roles, and Send an invitation, but nothing that I can see
: which manages groups.
:
: Ken Schaefer wrote:
: > Who is in the Author and Admin groups?
: >
: > If you right-click on the website in the IIS Manager, there is an option
to
: > "tighten FPSE security" which you can run to fix up NTFS ACLs.
: >
: > Just becuase someone has Interdev doesn't mean they should be able to
view
: > source-code. Permissions are checked on the server, regardless of the
type
: > of client connecting.
: >
: > Cheers
: > Ken
: >
: >
: > "psychogenic" <angrylife@gmail.com> wrote in message
: > news:1142361043.090261.146810@z34g2000cwc.googlegroups.com...
: > : Yes, its version 2000 (its on IIS 5.0). As it is set now, the Everyone
: > : group is currently given Browser role. However, anyone with Interdev
: > : installed can still read the source codes.
: > :
: > : Ken Schaefer wrote:
: > : > Hi,
: > : >
: > : > The answer to this question depends on which version of FPSE you are
: > using.
: > : >
: > : > For FPSE2000 (which ships with IIS5.0), the configuration of FPSE
offers
: > to
: > : > create three local groups (admins, authors and browsers). If you do
not
: > : > choose to create these groups, you can run into problems such as
what
: > you
: > : > are experiencing. You should create these groups, and place the
: > necessary
: > : > users into each group. FPSE2000 uses NTFS permissions to control
access
: > to
: > : > files. Provided you create the groups, and the other users are not
in
: > the
: > : > Authors or Admins group, they won't be able to get access to source
: > code.
: > : >
: > : > For FPSE2002 (which ships with IIS6.0, and can be installed on
IIS5.0 as
: > : > well), you can either use Window accounts or non-Windows accounts to
: > control
: > : > access. Again, ensuring that not everyone has access to source does
rely
: > on
: > : > configuring this properly.
: > : >
: > : > Cheers
: > : > Ken
: > : >
:

[ Post a follow-up to this message ]

Sorry. I am using FPSE 2002. Interestingly enough, if I create a new
web server with the exact same NTFS permissions and FPSE settings, I am
prompted for user/password info when I try to connect to it through
Visual InterDev but I don't with the web sevrer I am having the problem
with.

Ken Schaefer wrote:
> Hi,
>
> Are you sure you are using FPSE2000? If so, the groups in question are NT
> user groups. Use Computer Management MMC Administrative Tool to view local
> user groups.
>
> Cheers
> Ken
>
> "psychogenic" <angrylife@gmail.com> wrote in message
> news:1142438428.765428.320520@i39g2000cwa.googlegroups.com...
> : Hmmm, I don't see anywhere within the admin pages to view who are in
> : the Admin and Author groups. From the Users and Roles section, I see
> : Change anon access settings, and Click here to add or delete accounts,
> : Manage Users, Roles, and Send an invitation, but nothing that I can see
> : which manages groups.
> :
> : Ken Schaefer wrote:
> : > Who is in the Author and Admin groups?
> : >
> : > If you right-click on the website in the IIS Manager, there is an opti
on
> to
> : > "tighten FPSE security" which you can run to fix up NTFS ACLs.
> : >
> : > Just becuase someone has Interdev doesn't mean they should be able to
> view
> : > source-code. Permissions are checked on the server, regardless of the
> type
> : > of client connecting.
> : >
> : > Cheers
> : > Ken
> : >
> : >
> : > "psychogenic" <angrylife@gmail.com> wrote in message
> : > news:1142361043.090261.146810@z34g2000cwc.googlegroups.com...
> : > : Yes, its version 2000 (its on IIS 5.0). As it is set now, the Everyo
ne
> : > : group is currently given Browser role. However, anyone with Interdev
> : > : installed can still read the source codes.
> : > :

[ Post a follow-up to this message ]

OK, I think we need to start again. FPSE2002 is slightly different to
FPSE2000 (actually, it's a bit more flexible, but hence a bit more complex).
Let me check my FPSE2002 security documentation and work out what things we
need to check for.

Cheers
Ken

"psychogenic" <angrylife@gmail.com> wrote in message
news:1142523622.121038.151230@e56g2000cwe.googlegroups.com...
: Sorry. I am using FPSE 2002. Interestingly enough, if I create a new
: web server with the exact same NTFS permissions and FPSE settings, I am
: prompted for user/password info when I try to connect to it through
: Visual InterDev but I don't with the web sevrer I am having the problem
: with.
:
: Ken Schaefer wrote:
: > Hi,
: >
: > Are you sure you are using FPSE2000? If so, the groups in question are
NT
: > user groups. Use Computer Management MMC Administrative Tool to view
local
: > user groups.
: >
: > Cheers
: > Ken
: >
: > "psychogenic" <angrylife@gmail.com> wrote in message
: > news:1142438428.765428.320520@i39g2000cwa.googlegroups.com...
: > : Hmmm, I don't see anywhere within the admin pages to view who are in
: > : the Admin and Author groups. From the Users and Roles section, I see
: > : Change anon access settings, and Click here to add or delete accounts,
: > : Manage Users, Roles, and Send an invitation, but nothing that I can
see
: > : which manages groups.
: > :
: > : Ken Schaefer wrote:
: > : > Who is in the Author and Admin groups?
: > : >
: > : > If you right-click on the website in the IIS Manager, there is an
option
: > to
: > : > "tighten FPSE security" which you can run to fix up NTFS ACLs.
: > : >
: > : > Just becuase someone has Interdev doesn't mean they should be able
to
: > view
: > : > source-code. Permissions are checked on the server, regardless of
the
: > type
: > : > of client connecting.
: > : >
: > : > Cheers
: > : > Ken
: > : >
: > : >
: > : > "psychogenic" <angrylife@gmail.com> wrote in message
: > : > news:1142361043.090261.146810@z34g2000cwc.googlegroups.com...
: > : > : Yes, its version 2000 (its on IIS 5.0). As it is set now, the
Everyone
: > : > : group is currently given Browser role. However, anyone with
Interdev
: > : > : installed can still read the source codes.
: > : > :
:

[ Post a follow-up to this message ]