"Peter Shaw" <peter-at-websitedevelopment.ltd.uk> wrote in message
news:e5dDHCJqFHA.2776@TK2MSFTNGP10.phx.gbl...
> W2003 Web Edition / IIS6 / Default FTP site / Guest account disabled
>
> I have had to add another user account to the server to secure access for
> certain web pages. The new user is not a member of any group and only has
> read pemissions on a single directory well under the ftproot.
>
> Suprisingly, although the new user has no effective permissions at the
> ftproot level, they are still able to login and browse the full FTP
> directory stucture using their username and password. Anonyomous access is
> turned off. I can explicitly deny the new user access to the FTP root
> which
> then prevents FTP logon, but surely this isn't the correct way to do this?
> With no permissions at the ftproot level users shouldn't be able to logon.
>
> Which account privileges are they assuming when they logon?
>
> Peter
>
>

"Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message
news:OnRG7jTrFHA.3080@TK2MSFTNGP15.phx.gbl...
> What's the effective ACLs on the ftproot folder......
> does the user belong to any group that has permissions over the folder ?
>
> --
> Regards,
> Bernard Cheah
> http://www.microsoft.com/iis/
> http://www.iiswebcastseries.com/
> http://www.msmvps.com/bernard/
>
>
> "Peter Shaw" <peter-at-websitedevelopment.ltd.uk> wrote in message
> news:e5dDHCJqFHA.2776@TK2MSFTNGP10.phx.gbl...
> > W2003 Web Edition / IIS6 / Default FTP site / Guest account disabled
> >
> > I have had to add another user account to the server to secure access
for
> > certain web pages. The new user is not a member of any group and only
has
> > read pemissions on a single directory well under the ftproot.
> >
> > Suprisingly, although the new user has no effective permissions at the
> > ftproot level, they are still able to login and browse the full FTP
> > directory stucture using their username and password. Anonyomous access
is
> > turned off. I can explicitly deny the new user access to the FTP root
> > which
> > then prevents FTP logon, but surely this isn't the correct way to do
this?
> > With no permissions at the ftproot level users shouldn't be able to
logon.
> >
> > Which account privileges are they assuming when they logon?
> >
> > Peter
> >
> >
>
>

"Peter Shaw" <peter-at-websitedevelopment.ltd.uk> wrote in message
news:u06oAGXrFHA.1128@TK2MSFTNGP11.phx.gbl...
> ACL for the FTP root has the following entries (it is the Web Root folder)
>
> Administrators
> ASP.NET machine account
> IIS_WPG
> INTERACTIVE
> Internet Guest Account
> NETWORK
> NETWORK SERVICE
> OWS_xxxxxxxxxx_admin
> SYSTEM
> u3822xxxx
>
> The user who I wish to prevent from FTPing is not in the above list and is
> not a member of any groups. Allow Anonymous FTP is not checked.
>
> Peter
>
>
> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message
> news:OnRG7jTrFHA.3080@TK2MSFTNGP15.phx.gbl...
>> What's the effective ACLs on the ftproot folder......
>> does the user belong to any group that has permissions over the folder ?
>>
>> --
>> Regards,
>> Bernard Cheah
>> http://www.microsoft.com/iis/
>> http://www.iiswebcastseries.com/
>> http://www.msmvps.com/bernard/
>>
>>
>> "Peter Shaw" <peter-at-websitedevelopment.ltd.uk> wrote in message
>> news:e5dDHCJqFHA.2776@TK2MSFTNGP10.phx.gbl...
>> > W2003 Web Edition / IIS6 / Default FTP site / Guest account disabled
>> >
>> > I have had to add another user account to the server to secure access
> for
>> > certain web pages. The new user is not a member of any group and only
> has
>> > read pemissions on a single directory well under the ftproot.
>> >
>> > Suprisingly, although the new user has no effective permissions at the
>> > ftproot level, they are still able to login and browse the full FTP
>> > directory stucture using their username and password. Anonyomous access
> is
>> > turned off. I can explicitly deny the new user access to the FTP root
>> > which
>> > then prevents FTP logon, but surely this isn't the correct way to do
> this?
>> > With no permissions at the ftproot level users shouldn't be able to
> logon.
>> >
>> > Which account privileges are they assuming when they logon?
>> >
>> > Peter
>> >
>> >
>>
>>
>
>