|
|
You're in the
iis ftp
group:IIS 6.0 and Windows 2003 FTP Permissions
iis ftp:
In the past I would setup a new user and through the command prompt set their FTPRoot and FTPDir which would allow them to browse to a single folder in IIS on the second server. The problem I have now is I have a user I want to give read only permissions to. I set them up in Active Directory and Set their FTPRoot and FTPDir and then went to the folder that i set for the user and only gave them read permissions in the folder. When I log in using their name it brings me to the right folder but the user can read and write to it even though they should only be able to read it. Any ideas??
Actually, I just removed that user from thier home folder and they
still have full access. Apprently local security permissions on the folders are not based on user rights to those folders. The person is brandnew in Active Directory and is not part of any other group. If the folder security doesn't control access permissions is it Active Directory? That is where I set up the users FTPROOT and FTPDIR through a command prompt using. How do I limit the user to read only through Active Directory?? Thanks!! [quoted text, click to view] jcosta@thetek.com (Joey) wrote in message news:<d8f04612.0406211306.2d3f538c@posting.google.com>...
> I have one computer running Active Directory and another running IIS. > In the past I would setup a new user and through the command prompt > set their FTPRoot and FTPDir which would allow them to browse to a > single folder in IIS on the second server. The problem I have now is > I have a user I want to give read only permissions to. I set them up > in Active Directory and Set their FTPRoot and FTPDir and then went to > the folder that i set for the user and only gave them read permissions > in the folder. When I log in using their name it brings me to the > right folder but the user can read and write to it even though they > should only be able to read it. > > Any ideas?? >
Check the ACL for the directory, make sure they don't belong to other group
which has access permission. or do a test - specifically addin - deny write, do the user still able to write ? no, right. -- Regards, Bernard Cheah http://www.tryiis.com/ http://support.microsoft.com/ http://www.msmvps.com/bernard/ [quoted text, click to view] "Joey" <jcosta@thetek.com> wrote in message news:d8f04612.0406211306.2d3f538c@posting.google.com... > I have one computer running Active Directory and another running IIS. > In the past I would setup a new user and through the command prompt > set their FTPRoot and FTPDir which would allow them to browse to a > single folder in IIS on the second server. The problem I have now is > I have a user I want to give read only permissions to. I set them up > in Active Directory and Set their FTPRoot and FTPDir and then went to > the folder that i set for the user and only gave them read permissions > in the folder. When I log in using their name it brings me to the > right folder but the user can read and write to it even though they > should only be able to read it. > > Any ideas?? > > Thanks!!
Are you referring domain user account ? what ACL you have for the home
directory. if user logged under domain account and you have configure NTFS properly, users will not able to access resources that they are not suppose too.... use filemon from sysinternals.com to trace what user is actually access the resource. -- Regards, Bernard Cheah http://www.tryiis.com/ http://support.microsoft.com/ http://www.msmvps.com/bernard/ [quoted text, click to view] "Joey" <jcosta@thetek.com> wrote in message news:d8f04612.0406220454.4063253a@posting.google.com... > Actually, I just removed that user from thier home folder and they > still have full access. Apprently local security permissions on the > folders are not based on user rights to those folders. The person is > brandnew in Active Directory and is not part of any other group. If > the folder security doesn't control access permissions is it Active > Directory? That is where I set up the users FTPROOT and FTPDIR > through a command prompt using. How do I limit the user to read only > through Active Directory?? Thanks!! > > > > jcosta@thetek.com (Joey) wrote in message news:<d8f04612.0406211306.2d3f538c@posting.google.com>... > > I have one computer running Active Directory and another running IIS. > > In the past I would setup a new user and through the command prompt > > set their FTPRoot and FTPDir which would allow them to browse to a > > single folder in IIS on the second server. The problem I have now is > > I have a user I want to give read only permissions to. I set them up > > in Active Directory and Set their FTPRoot and FTPDir and then went to > > the folder that i set for the user and only gave them read permissions > > in the folder. When I log in using their name it brings me to the > > right folder but the user can read and write to it even though they > > should only be able to read it. > > > > Any ideas?? > > > > Thanks!!
Ok let me clarify what I have done. I have two servers, server1
running IIS, server2 is running Active Driectory, both servers are running windows 2003. IIS on server1 has ftp set up. I made a new user in Active Directory and though the command prompt I set thier FTPRoot and FTPDir like this: iisftp /SetADProp UserID FTPRoot f:\inetpub\wwwroot iisftp /SetADProp UserID FTPDir JoeShmo With JoeShmo being the web site in IIS. So now when UserID logs into ftp://www.JoeShmo.com it brings them to the main root directory of only JoeShmo for the entire wwwroot directory. This way UserID can only see thier web site contents. The problem is that UserID can do what ever they want in that folder and I can't see a way to limit thier access to read only. It's not in folder permissions as far as I can see. Here is MS web site regarding setting these varaibles. Everything has worked fine until now when I have had to set permissions. http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/cl_as_isoftp.asp Thanks!! [quoted text, click to view] "Bernard" <qbernard@hotmail.com.discuss> wrote in message news:<OUILjrQWEHA.2520@TK2MSFTNGP12.phx.gbl>...
> Are you referring domain user account ? what ACL you have for the home > directory. > if user logged under domain account and you have configure NTFS properly, > users will not able to access resources that they are not suppose too.... > > use filemon from sysinternals.com to trace what user is actually access the > resource. > > -- > Regards, > Bernard Cheah > http://www.tryiis.com/ > http://support.microsoft.com/ > http://www.msmvps.com/bernard/ > > > > "Joey" <jcosta@thetek.com> wrote in message > news:d8f04612.0406220454.4063253a@posting.google.com... > > Actually, I just removed that user from thier home folder and they > > still have full access. Apprently local security permissions on the > > folders are not based on user rights to those folders. The person is > > brandnew in Active Directory and is not part of any other group. If > > the folder security doesn't control access permissions is it Active > > Directory? That is where I set up the users FTPROOT and FTPDIR > > through a command prompt using. How do I limit the user to read only > > through Active Directory?? Thanks!! > > > > > > > > jcosta@thetek.com (Joey) wrote in message > news:<d8f04612.0406211306.2d3f538c@posting.google.com>... > > > I have one computer running Active Directory and another running IIS. > > > In the past I would setup a new user and through the command prompt > > > set their FTPRoot and FTPDir which would allow them to browse to a > > > single folder in IIS on the second server. The problem I have now is > > > I have a user I want to give read only permissions to. I set them up > > > in Active Directory and Set their FTPRoot and FTPDir and then went to > > > the folder that i set for the user and only gave them read permissions > > > in the folder. When I log in using their name it brings me to the > > > right folder but the user can read and write to it even though they > > > should only be able to read it. > > > > > > Any ideas?? > > >
In that case, what permission do JoeShmo has over this
folder f:\inetpub\wwwroot\JoeShmo ??? full control ? you can configure whatever permissions you like the user to have... -- Regards, Bernard Cheah http://www.tryiis.com/ http://support.microsoft.com/ http://www.msmvps.com/bernard/ [quoted text, click to view] "Joey" <jcosta@thetek.com> wrote in message news:d8f04612.0406231913.233796ab@posting.google.com... > Ok let me clarify what I have done. I have two servers, server1 > running IIS, server2 is running Active Driectory, both servers are > running windows 2003. > > IIS on server1 has ftp set up. I made a new user in Active Directory > and though the command prompt I set thier FTPRoot and FTPDir like > this: > > iisftp /SetADProp UserID FTPRoot f:\inetpub\wwwroot > iisftp /SetADProp UserID FTPDir JoeShmo > > With JoeShmo being the web site in IIS. So now when UserID logs into > ftp://www.JoeShmo.com it brings them to the main root directory of > only JoeShmo for the entire wwwroot directory. This way UserID can > only see thier web site contents. The problem is that UserID can do > what ever they want in that folder and I can't see a way to limit > thier access to read only. It's not in folder permissions as far as I > can see. Here is MS web site regarding setting these varaibles. > Everything has worked fine until now when I have had to set > permissions. > > http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/cl_as_isoftp.asp > > > > Thanks!! > > > > "Bernard" <qbernard@hotmail.com.discuss> wrote in message news:<OUILjrQWEHA.2520@TK2MSFTNGP12.phx.gbl>... > > Are you referring domain user account ? what ACL you have for the home > > directory. > > if user logged under domain account and you have configure NTFS properly, > > users will not able to access resources that they are not suppose too.... > > > > use filemon from sysinternals.com to trace what user is actually access the > > resource. > > > > -- > > Regards, > > Bernard Cheah > > http://www.tryiis.com/ > > http://support.microsoft.com/ > > http://www.msmvps.com/bernard/ > > > > > > > > "Joey" <jcosta@thetek.com> wrote in message > > news:d8f04612.0406220454.4063253a@posting.google.com... > > > Actually, I just removed that user from thier home folder and they > > > still have full access. Apprently local security permissions on the > > > folders are not based on user rights to those folders. The person is > > > brandnew in Active Directory and is not part of any other group. If > > > the folder security doesn't control access permissions is it Active > > > Directory? That is where I set up the users FTPROOT and FTPDIR > > > through a command prompt using. How do I limit the user to read only > > > through Active Directory?? Thanks!! > > > > > > > > > > > > jcosta@thetek.com (Joey) wrote in message > > news:<d8f04612.0406211306.2d3f538c@posting.google.com>... > > > > I have one computer running Active Directory and another running IIS. > > > > In the past I would setup a new user and through the command prompt > > > > set their FTPRoot and FTPDir which would allow them to browse to a > > > > single folder in IIS on the second server. The problem I have now is > > > > I have a user I want to give read only permissions to. I set them up > > > > in Active Directory and Set their FTPRoot and FTPDir and then went to > > > > the folder that i set for the user and only gave them read permissions > > > > in the folder. When I log in using their name it brings me to the > > > > right folder but the user can read and write to it even though they > > > > should only be able to read it. > > > > > > > > Any ideas?? > > > > > > > > Thanks!!
It doesn't seem to matter what permissions I give to that user for
that folder. I give them read only and they can still write to it. I don't understand. [quoted text, click to view] "Bernard" <qbernard@hotmail.com.discuss> wrote in message news:<ui4yaIOXEHA.808@tk2msftngp13.phx.gbl>...
> In that case, what permission do JoeShmo has over this > folder f:\inetpub\wwwroot\JoeShmo ??? > > full control ? you can configure whatever permissions you like the user to > have... > > -- > Regards, > Bernard Cheah > http://www.tryiis.com/ > http://support.microsoft.com/ > http://www.msmvps.com/bernard/ > > > > "Joey" <jcosta@thetek.com> wrote in message > news:d8f04612.0406231913.233796ab@posting.google.com... > > Ok let me clarify what I have done. I have two servers, server1 > > running IIS, server2 is running Active Driectory, both servers are > > running windows 2003. > > > > IIS on server1 has ftp set up. I made a new user in Active Directory > > and though the command prompt I set thier FTPRoot and FTPDir like > > this: > > > > iisftp /SetADProp UserID FTPRoot f:\inetpub\wwwroot > > iisftp /SetADProp UserID FTPDir JoeShmo > > > > With JoeShmo being the web site in IIS. So now when UserID logs into > > ftp://www.JoeShmo.com it brings them to the main root directory of > > only JoeShmo for the entire wwwroot directory. This way UserID can > > only see thier web site contents. The problem is that UserID can do > > what ever they want in that folder and I can't see a way to limit > > thier access to read only. It's not in folder permissions as far as I > > can see. Here is MS web site regarding setting these varaibles. > > Everything has worked fine until now when I have had to set > > permissions. > > > > > http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/cl_as_isoftp.asp > > > > > > > > Thanks!! > > > > > > > > "Bernard" <qbernard@hotmail.com.discuss> wrote in message > news:<OUILjrQWEHA.2520@TK2MSFTNGP12.phx.gbl>... > > > Are you referring domain user account ? what ACL you have for the home > > > directory. > > > if user logged under domain account and you have configure NTFS > properly, > > > users will not able to access resources that they are not suppose > too.... > > > > > > use filemon from sysinternals.com to trace what user is actually access > the > > > resource. > > > > > > -- > > > Regards, > > > Bernard Cheah > > > http://www.tryiis.com/ > > > http://support.microsoft.com/ > > > http://www.msmvps.com/bernard/ > > > > > > > > > > > > "Joey" <jcosta@thetek.com> wrote in message > > > news:d8f04612.0406220454.4063253a@posting.google.com... > > > > Actually, I just removed that user from thier home folder and they > > > > still have full access. Apprently local security permissions on the > > > > folders are not based on user rights to those folders. The person is > > > > brandnew in Active Directory and is not part of any other group. If > > > > the folder security doesn't control access permissions is it Active > > > > Directory? That is where I set up the users FTPROOT and FTPDIR > > > > through a command prompt using. How do I limit the user to read only > > > > through Active Directory?? Thanks!! > > > > > > > > > > > > > > > > jcosta@thetek.com (Joey) wrote in message > news:<d8f04612.0406211306.2d3f538c@posting.google.com>... > > > > > I have one computer running Active Directory and another running > IIS. > > > > > In the past I would setup a new user and through the command prompt > > > > > set their FTPRoot and FTPDir which would allow them to browse to a > > > > > single folder in IIS on the second server. The problem I have now > is > > > > > I have a user I want to give read only permissions to. I set them > up > > > > > in Active Directory and Set their FTPRoot and FTPDir and then went > to > > > > > the folder that i set for the user and only gave them read > permissions > > > > > in the folder. When I log in using their name it brings me to the > > > > > right folder but the user can read and write to it even though they > > > > > should only be able to read it. > > > > > > > > > > Any ideas?? > > > > >
[quoted text, click to view]
On 2 Jul 2004 10:28:51 -0700, jcosta@thetek.com (Joey) wrote: >It doesn't seem to matter what permissions I give to that user for >that folder. I give them read only and they can still write to it. I >don't understand. Look at the permissions on the folder. The user may be in a group which has permission, or the user may not be who you think the user is. Jeff [quoted text, click to view] >
>"Bernard" <qbernard@hotmail.com.discuss> wrote in message news:<ui4yaIOXEHA.808@tk2msftngp13.phx.gbl>... >> In that case, what permission do JoeShmo has over this >> folder f:\inetpub\wwwroot\JoeShmo ??? >> >> full control ? you can configure whatever permissions you like the user to >> have... >> >> -- >> Regards, >> Bernard Cheah >> http://www.tryiis.com/ >> http://support.microsoft.com/ >> http://www.msmvps.com/bernard/ >> >> >> >> "Joey" <jcosta@thetek.com> wrote in message >> news:d8f04612.0406231913.233796ab@posting.google.com... >> > Ok let me clarify what I have done. I have two servers, server1 >> > running IIS, server2 is running Active Driectory, both servers are >> > running windows 2003. >> > >> > IIS on server1 has ftp set up. I made a new user in Active Directory >> > and though the command prompt I set thier FTPRoot and FTPDir like >> > this: >> > >> > iisftp /SetADProp UserID FTPRoot f:\inetpub\wwwroot >> > iisftp /SetADProp UserID FTPDir JoeShmo >> > >> > With JoeShmo being the web site in IIS. So now when UserID logs into >> > ftp://www.JoeShmo.com it brings them to the main root directory of >> > only JoeShmo for the entire wwwroot directory. This way UserID can >> > only see thier web site contents. The problem is that UserID can do >> > what ever they want in that folder and I can't see a way to limit >> > thier access to read only. It's not in folder permissions as far as I >> > can see. Here is MS web site regarding setting these varaibles. >> > Everything has worked fine until now when I have had to set >> > permissions. >> > >> > >> http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/cl_as_isoftp.asp >> > >> > >> > >> > Thanks!! >> > >> > >> > >> > "Bernard" <qbernard@hotmail.com.discuss> wrote in message >> news:<OUILjrQWEHA.2520@TK2MSFTNGP12.phx.gbl>... >> > > Are you referring domain user account ? what ACL you have for the home >> > > directory. >> > > if user logged under domain account and you have configure NTFS >> properly, >> > > users will not able to access resources that they are not suppose >> too.... >> > > >> > > use filemon from sysinternals.com to trace what user is actually access >> the >> > > resource. >> > > >> > > -- >> > > Regards, >> > > Bernard Cheah >> > > http://www.tryiis.com/ >> > > http://support.microsoft.com/ >> > > http://www.msmvps.com/bernard/ >> > > >> > > >> > > >> > > "Joey" <jcosta@thetek.com> wrote in message >> > > news:d8f04612.0406220454.4063253a@posting.google.com... >> > > > Actually, I just removed that user from thier home folder and they >> > > > still have full access. Apprently local security permissions on the >> > > > folders are not based on user rights to those folders. The person is >> > > > brandnew in Active Directory and is not part of any other group. If >> > > > the folder security doesn't control access permissions is it Active >> > > > Directory? That is where I set up the users FTPROOT and FTPDIR >> > > > through a command prompt using. How do I limit the user to read only >> > > > through Active Directory?? Thanks!! >> > > > >> > > > >> > > > >> > > > jcosta@thetek.com (Joey) wrote in message >> news:<d8f04612.0406211306.2d3f538c@posting.google.com>... >> > > > > I have one computer running Active Directory and another running >> IIS. >> > > > > In the past I would setup a new user and through the command prompt >> > > > > set their FTPRoot and FTPDir which would allow them to browse to a >> > > > > single folder in IIS on the second server. The problem I have now >> is >> > > > > I have a user I want to give read only permissions to. I set them >> up >> > > > > in Active Directory and Set their FTPRoot and FTPDir and then went >> to >> > > > > the folder that i set for the user and only gave them read >> permissions >> > > > > in the folder. When I log in using their name it brings me to the >> > > > > right folder but the user can read and write to it even though they >> > > > > should only be able to read it. >> > > > > >> > > > > Any ideas?? >> > > > > >> > > > > Thanks!!
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |