 |
|
 |
|
|
 |
Frontpage SE Modifying NTFS permissions |
 |
 |
|
|
10-25-04 10:49 PM
Hi,
I know Frontpage Extensions keeps track of permissions, and as of 2002 does
not allow admins to keep track of permissions. However my problem is that
Frontpage automatically modifes permissions for Website root folders, that d
o
not have fonrpage enabled.
For instance we have
C:\Webs (not a web root)
C:\Webs\FPa (webroot for site a)
C:\Webs\FPb (webroot for site b)
C:\Webs\c (webroot for site c, no FP SE enabled)
the problem is that Fronpage extensions adds Interactive and Network
permissions at the C:\Webs level, thus changing permissions for Site C, whic
h
should not need it. This is a major problem because of all the restricted
sites we have on site C, and Interactive and Netowrk give read access to
everyone that has an account.
Any help will be greatly appreciated.
Thanks
Badri
[ Post a follow-up to this message ]
|
|
|
 |
|
 |
|
 |
|
|
|
RE: Frontpage SE Modifying NTFS permissions |
|
|
|
|
10-26-04 10:48 PM
Hi Badri,
This is an expected behaviour. The Interactive and Network group is added
for the following reasons.
when a Web site is set to allow anonymous users to browse the site content,
and a user authenticates to perform some other tasks, such as modifying a
file, they can no longer browse any sites on that server anonymously. This
is problematic when the user goes to browse a different Web site on the
same virtual server. Because they have authenticated, they are no longer
anonymous, and because their own credentials are not used by the new Web
site, they may be blocked from browsing the new site.
For example, your server, SERVER1, hosts both http://www.example.com (a
site that allows anonymous browsing) and http://www.example.com/subweb (a
site that does not allow anonymous browsing) on the same virtual server.
User1 is an author for www.example.com/subweb. Previously, when User1
accessed a file from the file system to make a change in
www.example.com/subweb, and then browsed to www.example.com, the user was
already authenticated. So, rather than browsing the site as an anonymous
user, the user's credentials were checked and the user saw an access denied
error.
To get around this issue, the FrontPage Server Extensions used the
NETWORK/INTERACTIVE access control entries (ACE) to allow users with user
accounts to browse content, even after they have authenticated. However,
these general groups may allow more permissive behavior than is desired.
If you are using a Windows 2003 server, then you can disable adding of
Interactive and Network groups to the ACL's of the content area
More Information
Authenticating users separately for each virtual server
http://www.microsoft.com/resources/.../proddocs/en-us
/admindoc/owsj03.mspx
Hope this helps
regards
Hari
MSFT
This posting is provided "as is" with no warranties and confers no rights
--------------------
| Hi,
|
| I know Frontpage Extensions keeps track of permissions, and as of 2002
does
| not allow admins to keep track of permissions. However my problem is
that
| Frontpage automatically modifes permissions for Website root folders,
that do
| not have fonrpage enabled.
|
| For instance we have
| C:\Webs (not a web root)
| C:\Webs\FPa (webroot for site a)
| C:\Webs\FPb (webroot for site b)
| C:\Webs\c (webroot for site c, no FP SE enabled)
|
| the problem is that Fronpage extensions adds Interactive and Network
| permissions at the C:\Webs level, thus changing permissions for Site C,
which
| should not need it. This is a major problem because of all the restricted
| sites we have on site C, and Interactive and Netowrk give read access to
| everyone that has an account.
|
| Any help will be greatly appreciated.
|
| Thanks
| Badri
|
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
RE: Frontpage SE Modifying NTFS permissions |
|
|
|
|
10-26-04 10:48 PM
I guess I did not explain my problem right,
C:\Webs\a
C:\webs\b
c:\webs\c
Lets say we have www.exp1.com with Frontpage SE on A, www.exp2.com with
Frontpage SE on B, and www.exp3.com with no frontpage extensions on C.
The problem was that Fronpage would change permissions on C:\Webs\c, which
should not have to be changed.
Badri
"Harikumar H [MSFT]" wrote:
> Hi Badri,
>
> This is an expected behaviour. The Interactive and Network group is added
> for the following reasons.
>
> when a Web site is set to allow anonymous users to browse the site content
,
> and a user authenticates to perform some other tasks, such as modifying a
> file, they can no longer browse any sites on that server anonymously. This
> is problematic when the user goes to browse a different Web site on the
> same virtual server. Because they have authenticated, they are no longer
> anonymous, and because their own credentials are not used by the new Web
> site, they may be blocked from browsing the new site.
>
> For example, your server, SERVER1, hosts both http://www.example.com (a
> site that allows anonymous browsing) and http://www.example.com/subweb (a
> site that does not allow anonymous browsing) on the same virtual server.
> User1 is an author for www.example.com/subweb. Previously, when User1
> accessed a file from the file system to make a change in
> www.example.com/subweb, and then browsed to www.example.com, the user was
> already authenticated. So, rather than browsing the site as an anonymous
> user, the user's credentials were checked and the user saw an access denie
d
> error.
>
> To get around this issue, the FrontPage Server Extensions used the
> NETWORK/INTERACTIVE access control entries (ACE) to allow users with user
> accounts to browse content, even after they have authenticated. However,
> these general groups may allow more permissive behavior than is desired.
>
> If you are using a Windows 2003 server, then you can disable adding of
> Interactive and Network groups to the ACL's of the content area
>
> More Information
>
> Authenticating users separately for each virtual server
> [url]http://www.microsoft.com/resources/documentation/sts/2001/all/proddocs/en-us[/ur
l]
> /admindoc/owsj03.mspx
>
> Hope this helps
>
>
> regards
>
> Hari
> MSFT
>
> This posting is provided "as is" with no warranties and confers no rights
> --------------------
> | Hi,
> |
> | I know Frontpage Extensions keeps track of permissions, and as of 2002
> does
> | not allow admins to keep track of permissions. However my problem is
> that
> | Frontpage automatically modifes permissions for Website root folders,
> that do
> | not have fonrpage enabled.
> |
> | For instance we have
> | C:\Webs (not a web root)
> | C:\Webs\FPa (webroot for site a)
> | C:\Webs\FPb (webroot for site b)
> | C:\Webs\c (webroot for site c, no FP SE enabled)
> |
> | the problem is that Fronpage extensions adds Interactive and Network
> | permissions at the C:\Webs level, thus changing permissions for Site C,
> which
> | should not need it. This is a major problem because of all the restricte
d
> | sites we have on site C, and Interactive and Netowrk give read access to
> | everyone that has an account.
> |
> | Any help will be greatly appreciated.
> |
> | Thanks
> | Badri
> |
>
>
>
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
RE: Frontpage SE Modifying NTFS permissions |
|
|
|
|
10-27-04 12:46 PM
Hi Badri,
I understand your problem. The web site A, B and C are under the webs
folder. When you extend A and B, FPSE will add the Interactive and Network
folder to the parent folder that is the webs folder. If you want to block
Interactive and Network from the C directory, uncheck the inheritance from
the above folder.
Hope this helps
regards
Hari
MSFT
This posting is provided "as is" with no warranties and confers no rights
--------------------
| I guess I did not explain my problem right,
| C:\Webs\a
| C:\webs\b
| c:\webs\c
|
| Lets say we have www.exp1.com with Frontpage SE on A, www.exp2.com with
| Frontpage SE on B, and www.exp3.com with no frontpage extensions on C.
|
| The problem was that Fronpage would change permissions on C:\Webs\c,
which
| should not have to be changed.
|
| Badri
|
|
| "Harikumar H [MSFT]" wrote:
|
| > Hi Badri,
| >
| > This is an expected behaviour. The Interactive and Network group is
added
| > for the following reasons.
| >
| > when a Web site is set to allow anonymous users to browse the site
content,
| > and a user authenticates to perform some other tasks, such as modifying
a
| > file, they can no longer browse any sites on that server anonymously.
This
| > is problematic when the user goes to browse a different Web site on the
| > same virtual server. Because they have authenticated, they are no
longer
| > anonymous, and because their own credentials are not used by the new
Web
| > site, they may be blocked from browsing the new site.
| >
| > For example, your server, SERVER1, hosts both http://www.example.com (a
| > site that allows anonymous browsing) and http://www.example.com/subweb
(a
| > site that does not allow anonymous browsing) on the same virtual
server.
| > User1 is an author for www.example.com/subweb. Previously, when User1
| > accessed a file from the file system to make a change in
| > www.example.com/subweb, and then browsed to www.example.com, the user
was
| > already authenticated. So, rather than browsing the site as an
anonymous
| > user, the user's credentials were checked and the user saw an access
denied
| > error.
| >
| > To get around this issue, the FrontPage Server Extensions used the
| > NETWORK/INTERACTIVE access control entries (ACE) to allow users with
user
| > accounts to browse content, even after they have authenticated.
However,
| > these general groups may allow more permissive behavior than is
desired.
| >
| > If you are using a Windows 2003 server, then you can disable adding of
| > Interactive and Network groups to the ACL's of the content area
| >
| > More Information
| >
| > Authenticating users separately for each virtual server
| >
http://www.microsoft.com/resources/.../proddocs/en-us
| > /admindoc/owsj03.mspx
| >
| > Hope this helps
| >
| >
| > regards
| >
| > Hari
| > MSFT
| >
| > This posting is provided "as is" with no warranties and confers no
rights
| > --------------------
| > | Hi,
| > |
| > | I know Frontpage Extensions keeps track of permissions, and as of
2002
| > does
| > | not allow admins to keep track of permissions. However my problem is
| > that
| > | Frontpage automatically modifes permissions for Website root folders,
| > that do
| > | not have fonrpage enabled.
| > |
| > | For instance we have
| > | C:\Webs (not a web root)
| > | C:\Webs\FPa (webroot for site a)
| > | C:\Webs\FPb (webroot for site b)
| > | C:\Webs\c (webroot for site c, no FP SE enabled)
| > |
| > | the problem is that Fronpage extensions adds Interactive and Network
| > | permissions at the C:\Webs level, thus changing permissions for Site
C,
| > which
| > | should not need it. This is a major problem because of all the
restricted
| > | sites we have on site C, and Interactive and Netowrk give read access
to
| > | everyone that has an account.
| > |
| > | Any help will be greatly appreciated.
| > |
| > | Thanks
| > | Badri
| > |
| >
| >
| >
|
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
RE: Frontpage SE Modifying NTFS permissions |
|
|
|
|
10-27-04 10:49 PM
Thanks a lot for your help, kinda figured that would be only solution if thi
s
is by design.
Thanks
Badri
"Harikumar H [MSFT]" wrote:
> Hi Badri,
>
> I understand your problem. The web site A, B and C are under the webs
> folder. When you extend A and B, FPSE will add the Interactive and Networ
k
> folder to the parent folder that is the webs folder. If you want to block
> Interactive and Network from the C directory, uncheck the inheritance from
> the above folder.
>
> Hope this helps
>
>
> regards
>
> Hari
> MSFT
>
> This posting is provided "as is" with no warranties and confers no rights
> --------------------
> | I guess I did not explain my problem right,
> | C:\Webs\a
> | C:\webs\b
> | c:\webs\c
> |
> | Lets say we have www.exp1.com with Frontpage SE on A, www.exp2.com with
> | Frontpage SE on B, and www.exp3.com with no frontpage extensions on C.
> |
> | The problem was that Fronpage would change permissions on C:\Webs\c,
> which
> | should not have to be changed.
> |
> | Badri
> |
> |
> | "Harikumar H [MSFT]" wrote:
> |
> | > Hi Badri,
> | >
> | > This is an expected behaviour. The Interactive and Network group is
> added
> | > for the following reasons.
> | >
> | > when a Web site is set to allow anonymous users to browse the site
> content,
> | > and a user authenticates to perform some other tasks, such as modifyin
g
> a
> | > file, they can no longer browse any sites on that server anonymously.
> This
> | > is problematic when the user goes to browse a different Web site on th
e
> | > same virtual server. Because they have authenticated, they are no
> longer
> | > anonymous, and because their own credentials are not used by the new
> Web
> | > site, they may be blocked from browsing the new site.
> | >
> | > For example, your server, SERVER1, hosts both http://www.example.com (
a
> | > site that allows anonymous browsing) and http://www.example.com/subweb
> (a
> | > site that does not allow anonymous browsing) on the same virtual
> server.
> | > User1 is an author for www.example.com/subweb. Previously, when User1
> | > accessed a file from the file system to make a change in
> | > www.example.com/subweb, and then browsed to www.example.com, the user
> was
> | > already authenticated. So, rather than browsing the site as an
> anonymous
> | > user, the user's credentials were checked and the user saw an access
> denied
> | > error.
> | >
> | > To get around this issue, the FrontPage Server Extensions used the
> | > NETWORK/INTERACTIVE access control entries (ACE) to allow users with
> user
> | > accounts to browse content, even after they have authenticated.
> However,
> | > these general groups may allow more permissive behavior than is
> desired.
> | >
> | > If you are using a Windows 2003 server, then you can disable adding of
> | > Interactive and Network groups to the ACL's of the content area
> | >
> | > More Information
> | >
> | > Authenticating users separately for each virtual server
> | >
> [url]http://www.microsoft.com/resources/documentation/sts/2001/all/proddocs/en-us[/ur
l]
> | > /admindoc/owsj03.mspx
> | >
> | > Hope this helps
> | >
> | >
> | > regards
> | >
> | > Hari
> | > MSFT
> | >
> | > This posting is provided "as is" with no warranties and confers no
> rights
> | > --------------------
> | > | Hi,
> | > |
> | > | I know Frontpage Extensions keeps track of permissions, and as of
> 2002
> | > does
> | > | not allow admins to keep track of permissions. However my problem i
s
> | > that
> | > | Frontpage automatically modifes permissions for Website root folders
,
> | > that do
> | > | not have fonrpage enabled.
> | > |
> | > | For instance we have
> | > | C:\Webs (not a web root)
> | > | C:\Webs\FPa (webroot for site a)
> | > | C:\Webs\FPb (webroot for site b)
> | > | C:\Webs\c (webroot for site c, no FP SE enabled)
> | > |
> | > | the problem is that Fronpage extensions adds Interactive and Network
> | > | permissions at the C:\Webs level, thus changing permissions for Site
> C,
> | > which
> | > | should not need it. This is a major problem because of all the
> restricted
> | > | sites we have on site C, and Interactive and Netowrk give read acces
s
> to
> | > | everyone that has an account.
> | > |
> | > | Any help will be greatly appreciated.
> | > |
> | > | Thanks
> | > | Badri
> | > |
> | >
> | >
> | >
> |
>
>
>
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Sponsored Links |
|
|
|
|
 |
All times are GMT. The time now is 12:54 PM. |
 |
|
|
 |
|
 |
|
|
 |
|
Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
|
|
|
|
Medical and Health forum | Computer Games Reviews | Graphics design forum
|
 |
|
 |
|
