WebDav overrides NTFS -- iis security

Jorge Henriquez
3/18/2004 12:01:06 PM

Greetings
I have a WebDav Folder, modify the NTFS permissions, remove all item
listed, add a single user ID. In advanced, I ensure the only owner is th
user ID previously used
When browsing the file system on the server, I get an access denied messag
even if I'm logged on as administrator (What I would expect). When I acces
the same folder with WebDav, I can open the folder and list other folder
within it (but no files)
Clues

Jorge Henrique
Systems Analyst, Sr
Undergraduate Initiatives Technology Service
Arizona State Universit

Gino
3/21/2004 2:56:23 PM

I'm not familier with WebDav but from your description it sounds like It can
Transverse Folders but not List any of the files. Two things come to mind,
one: there is a setting in Policies that allow bypass of Traverse checking.
And two: that WebDav has to be running in some kind of security context
itself and may be running under the STSTEM ACCOUNT which is the operating
system, this would explain the elevation in privileges.

[quoted text, click to view]

iis security : WebDav overrides NTFS