|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Traverse rights - yet can read files. Help?Hi all,
I've got an IIS webserver where I need some users (authenticated using active directory) to have traverse rights through a directory but *not* rights to read or execute any of the files in it. I've set up a particular group with traversal rights with no read/execute, yet try as I might, I can't prevent them from opening the files. Anyone got any idea what the problem might be? Is this just not possible in IIS, or is there some rights management thing I've forgotten to take into account? It's driving me nutty ... Cheers, Ben I'm not an NTFS ACL expert, but this definitely is not an IIS security
issue. You need to ask this in a core Windows Security group about how NT ACLs work. I do not think you set up the NTFS ACLs correctly because the "List" and "Read" permissions should already be able to control whether a user can list files and look inside of each file. -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // <ben.werdmul***@sbs.ox.ac.uk> wrote in message news:1114509553.650027.313410@f14g2000cwb.googlegroups.com... I've got an IIS webserver where I need some users (authenticated usingHi all, active directory) to have traverse rights through a directory but *not* rights to read or execute any of the files in it. I've set up a particular group with traversal rights with no read/execute, yet try as I might, I can't prevent them from opening the files. Anyone got any idea what the problem might be? Is this just not possible in IIS, or is there some rights management thing I've forgotten to take into account? It's driving me nutty ... Cheers, Ben On 26 Apr 2005 02:59:13 -0700, ben.werdmul***@sbs.ox.ac.uk wrote:
>I've got an IIS webserver where I need some users (authenticated using Check rights to specific files. Make sure the user isn't in a group>active directory) to have traverse rights through a directory but *not* >rights to read or execute any of the files in it. I've set up a >particular group with traversal rights with no read/execute, yet try as >I might, I can't prevent them from opening the files. > >Anyone got any idea what the problem might be? Is this just not >possible in IIS, or is there some rights management thing I've >forgotten to take into account? It's driving me nutty ... that has access. Set NTFS permissions at the folder level to read, but the file level to no access. You have to do it at the file level, since to read the folder would by default allow read of the file. Or rethink your directory structure, this is a fairly convoluted security setup. Virtual folders could also solve the issue. Jeff 
Other interesting topics
Cannot find server or DNS error
401 Unauthorized trying to read SPList Attachment - owssrv.dll Administrator 401.1 after SP1 SharePoint password prompting webdav prompts for second password Why is iis6.log on an XP home machine? SSL doesn't work IWA with multiple AD Permission Denied when writing text file from ASP Site access only through Local groups |
|||||||||||||||||||||||
