iis security: Hi all,

I've got an IIS webserver where I need some users (authenticated using
active directory) to have traverse rights through a directory but *not*
rights to read or execute any of the files in it. I've set up a
particular group with traversal rights with no read/execute, yet try as
I might, I can't prevent them from opening the files.

Anyone got any idea what the problem might be? Is this just not
possible in IIS, or is there some rights management thing I've
forgotten to take into account? It's driving me nutty ...

Cheers,

Ben

I'm not an NTFS ACL expert, but this definitely is not an IIS security
issue. You need to ask this in a core Windows Security group about how NT
ACLs work. I do not think you set up the NTFS ACLs correctly because the
"List" and "Read" permissions should already be able to control whether a
user can list files and look inside of each file.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
[quoted text, click to view]
Hi all,

I've got an IIS webserver where I need some users (authenticated using
active directory) to have traverse rights through a directory but *not*
rights to read or execute any of the files in it. I've set up a
particular group with traversal rights with no read/execute, yet try as
I might, I can't prevent them from opening the files.

Anyone got any idea what the problem might be? Is this just not
possible in IIS, or is there some rights management thing I've
forgotten to take into account? It's driving me nutty ...

Cheers,

Ben

[quoted text, click to view]

Check rights to specific files. Make sure the user isn't in a group
that has access. Set NTFS permissions at the folder level to read,
but the file level to no access. You have to do it at the file level,
since to read the folder would by default allow read of the file.

Or rethink your directory structure, this is a fairly convoluted
security setup. Virtual folders could also solve the issue.