
iis security : IIS bypassing NTFS Security


Ishmealm
6/14/2004 1:53:01 PM
Hi,
I have a website that has basic authentication and SSL enabled; anonymous has been turned off. The site points to a folder. On that folder I have a group that is denied access. The group is for non-employees; it is my intention to deny all contractors access to this folder. I am a contractor. When I go to the folder manually, I am denied access to it. When I go to the website, I am prompted to log in and then granted access to the folder that I am totally denied access to with NTFS permissions. For some reason it seems that IIS is somehow bypassing file level permissions. In the folder are just .doc, .ppt and html docs. I had a similar problem with a ColdFusion application but it turned out to be ColdFusion specific:

http://www.macromedia.com/devnet/security/security_zone/mpsb03-02.html

I am running Windows 2000, and the groups are set up on the folder as shown below.

\Secure_Folder-
Everyone - READ
Administrators- FULL CONTROL
Non-Employee- DENIED FULL CONTROL

In the Non-Employee domain local group is a collection of all of the non-employee domain local groups from the site. I thought that maybe I was violating a rule by nesting domain local groups within domain local groups, so I added myself to the non-employee group. It still blocks me when I go to the folder like it always has and it still lets me in through the web the way it always has. I'm pretty concerned about the security provided to this folder so any help is greatly appreciated.
Thanks,
Ishmeal
jeff.nospam NO[at]SPAM zina.com
6/15/2004 1:31:05 AM
On Mon, 14 Jun 2004 13:53:01 -0700, "Ishmealm"

Use Filemon to see what user is accessing the folder and what the
permissions actually are.
