Hi friends,

I am facing problem in restricting access to the subfolders
of a shared folder, in IIS 5.0 on Windows 2000 Server.

The scenario is that there is a folder MAIN, which can
be accessed by Everyone. This MAIN folder is mapped to
a similar named folder of another computer.
There are three sub folders - SUB1, SUB2 and SUB3.
SUB1 is publicly accessible.
SUB2 is accessible to SUB2Users only.
SUB3 is accessible to SUB3Users only.

MAIN has got 'Everyone' permission.

Since I have configured IIS to point to MAIN folder, all
the folders are accessible through web.

Problem is that I want to give only the 'SUB2Users' right
to folder SUB2. But doing this makes it inaccessible, even
to 'SUB2Users'. So, I added 'Everyone' right also to it.
But now 'SUB3Users' are also able to access SUB2.

I tried with both Basic and Windows Authentication to find
out whether something could be done at the IIS end, but didnt
succeed.

Basically, I want to know in such a scenario where actually
the restrictions shud be implemented -
a. at the Folder property(viewed by right-click in windows explorer.) or
b. at the IIS level?

Pls help.

regards,
Nise

[ Post a follow-up to this message ]

Hello,
It is ok for Everyone to have permissions to Main and Sub1. What you need
to do is modify the NTFS permissions (Windows explorer) for the Sub2 folder
so that the Sub2users group has permissions to the content. You need to
make sure that you are not inheriting permissions from Main, and that you
are propagating the new permissions to all subfolders and files in Sub2. Do
the same for Sub3 (sub3users should have permissions, remove everyone
group).
If after you configure the permissions like mentioned above, users have
problems accessing the content then make a note of the Http error code (be
sure to uncheck IE-> Tools-> Internet Options-> Advanced-> Show friendly
http error messages and reopen the browser) and post it here.

In IIS all you need to do is choose the appropriate authentication method
(Basic or Integrated)- you really can't control which group has access
within IIS.

Thanks,
Yogita Manghnani
Microsoft Developer Support
Internet Information Server

 ****************************************
 *****************************[vbcol=seag
reen] 
account name for newsgroup participation only.<<

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.

© 2003 Microsoft Corporation. All rights reserved.
 ****************************************
*****************************

[ Post a follow-up to this message ]