I tried that. When I do, I lose something at a lower level, don't know what.
I get themessage Access denied to 'c:\inetpub\wwwroot\web.config'. The
(Users) WEB1\Users would be local users so it shouldn't affect the domain
users. Should it?
Thanks for the advice. It was worth trying again.
[quoted text, click to view] "Miha Pihler [MVP]" wrote:
> Hi,
>
> IIS will always honor NTFS permissions on the folder where the web content
> is stored. So in order to solve this problem and make sure that only Support
> Group has access to the web site you have to remove Users group from the
> folder where the web content is stored.
>
> I hope this helps.
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "stebe" <stebe@discussions.microsoft.com> wrote in message
> news:1CFB6F42-E4D7-4689-B45A-D15F09B4E35C@microsoft.com...
> > This seems simple enough, I just can't seem to get it to work. I have IIS
> > 6.0 and was trying to password protect a sub directory. Being
> > unsuccessful
> > there, I moved up to the web root. I have unchecked Enable Anonymous
> > Access,
> > and have only Basic Authentication checked (I am using SSL). At
> > C:\Inetpub\wwwroot I changed the Security to Administrators have Full
> > Control, Support Group has Read and Execute, CREATOR OWNER has Special
> > Permission, SYSTEM has Full Control and WEB1\Users has Read and Execute.
> > When a user goes to our support page, anyone can put in their username and
> > password and access the page. I only want people in my Support Group to
> > be
> > able to access the page. Thanks in advance.
> >
> > Stebe
>
>
Hi,
IIS will always honor NTFS permissions on the folder where the web content
is stored. So in order to solve this problem and make sure that only Support
Group has access to the web site you have to remove Users group from the
folder where the web content is stored.
I hope this helps.
--
Mike
Microsoft MVP - Windows Security
[quoted text, click to view] "stebe" <stebe@discussions.microsoft.com> wrote in message
news:1CFB6F42-E4D7-4689-B45A-D15F09B4E35C@microsoft.com...
> This seems simple enough, I just can't seem to get it to work. I have IIS
> 6.0 and was trying to password protect a sub directory. Being
> unsuccessful
> there, I moved up to the web root. I have unchecked Enable Anonymous
> Access,
> and have only Basic Authentication checked (I am using SSL). At
> C:\Inetpub\wwwroot I changed the Security to Administrators have Full
> Control, Support Group has Read and Execute, CREATOR OWNER has Special
> Permission, SYSTEM has Full Control and WEB1\Users has Read and Execute.
> When a user goes to our support page, anyone can put in their username and
> password and access the page. I only want people in my Support Group to
> be
> able to access the page. Thanks in advance.
>
> Stebe
By default Domain Users are also members of Local Users group. So yes it
will affect all your domain users (and give them access to the web site).
--
Mike
Microsoft MVP - Windows Security
[quoted text, click to view] "stebe" <stebe@discussions.microsoft.com> wrote in message
news:53D010C2-C28B-4606-A3F7-1FC430869C1F@microsoft.com...
>I tried that. When I do, I lose something at a lower level, don't know
>what.
> I get themessage Access denied to 'c:\inetpub\wwwroot\web.config'. The
> (Users) WEB1\Users would be local users so it shouldn't affect the domain
> users. Should it?
> Thanks for the advice. It was worth trying again.
>
> "Miha Pihler [MVP]" wrote:
>
>> Hi,
>>
>> IIS will always honor NTFS permissions on the folder where the web
>> content
>> is stored. So in order to solve this problem and make sure that only
>> Support
>> Group has access to the web site you have to remove Users group from the
>> folder where the web content is stored.
>>
>> I hope this helps.
>>
>> --
>> Mike
>> Microsoft MVP - Windows Security
>>
>> "stebe" <stebe@discussions.microsoft.com> wrote in message
>> news:1CFB6F42-E4D7-4689-B45A-D15F09B4E35C@microsoft.com...
>> > This seems simple enough, I just can't seem to get it to work. I have
>> > IIS
>> > 6.0 and was trying to password protect a sub directory. Being
>> > unsuccessful
>> > there, I moved up to the web root. I have unchecked Enable Anonymous
>> > Access,
>> > and have only Basic Authentication checked (I am using SSL). At
>> > C:\Inetpub\wwwroot I changed the Security to Administrators have Full
>> > Control, Support Group has Read and Execute, CREATOR OWNER has Special
>> > Permission, SYSTEM has Full Control and WEB1\Users has Read and
>> > Execute.
>> > When a user goes to our support page, anyone can put in their username
>> > and
>> > password and access the page. I only want people in my Support Group
>> > to
>> > be
>> > able to access the page. Thanks in advance.
>> >
>> > Stebe
>>
>>
>>
