"CB" <C*@discussions.microsoft.com> wrote in message
news:AE39F4B6-A61F-41BC-98B7-8B41500C7B28@microsoft.com...
> We have single server that we are using for development, and have invited
> some 3rd party developers to create some aspnet content on the server.
> They
> have requested Terminal Services Login (remote desktop). WHAT is the
> minimal
> security group or Best Practice for giving outside users such permission?
>
> So they will be able to develop content easily and securely without
> compromising the server itself?
>
> Thanks,
>
> v

"Ken Schaefer" wrote:

> To be able to logon via Terminal Services, you can add them to the Remote
> Operators group.
>
> HOWEVER
>
> You need to ask why they need interactive access to the server. To be able
> to develop simple .NET applications, they'd (at most) need the ability to
> upload files to your server. Interactive access implies that they wish to
> view/edit settings or server configuration. In order to work out whether
> they actually need this access, you need to find out from them why they want
> this access in the first place.
>
> Cheers
> Ken
>
> "CB" <C*@discussions.microsoft.com> wrote in message
> news:AE39F4B6-A61F-41BC-98B7-8B41500C7B28@microsoft.com...
> > We have single server that we are using for development, and have invited
> > some 3rd party developers to create some aspnet content on the server.
> > They
> > have requested Terminal Services Login (remote desktop). WHAT is the
> > minimal
> > security group or Best Practice for giving outside users such permission?
> >
> > So they will be able to develop content easily and securely without
> > compromising the server itself?
> >
> > Thanks,
> >
> > v
>
>
>

"CB" <C*@discussions.microsoft.com> wrote in message
news:0DAC3E60-56C7-4155-ACAF-D20EA154FCB5@microsoft.com...
> This actually leads to question 2:
>
> Does anyone know how to restrict virtual directories of IIS FTP to only
> one
> user?
>
> When we make a VD with IIS for the FTP ANY user can then navigate to that
> folder if they know the folder name. For example.
>
> LocalUser
>  \Matt
>  \Tom
>
> VirtualDirectory - \public_html
>
> Although Matt and Tom are isolated from that folder down if we make a VD
> of
> public_html if either of them know the folder name they can both access
> it.
>
> IS there a way to prevent this without IP RESTRICTION? I tried removing
> the
> USER group from the VD permissioons tab but the stopped the Website itself
> from running.
>
> Bottom line:
> We need to give ftp access to off site developers to upload website files,
> but we are running into problems with win2lk3's built in ftp server for
> security and user isolation on the small scale. =(
>
> Any ideas?
>
> Thanks in advance.
>
> "Ken Schaefer" wrote:
>
>> To be able to logon via Terminal Services, you can add them to the Remote
>> Operators group.
>>
>> HOWEVER
>>
>> You need to ask why they need interactive access to the server. To be
>> able
>> to develop simple .NET applications, they'd (at most) need the ability to
>> upload files to your server. Interactive access implies that they wish to
>> view/edit settings or server configuration. In order to work out whether
>> they actually need this access, you need to find out from them why they
>> want
>> this access in the first place.
>>
>> Cheers
>> Ken
>>
>> "CB" <C*@discussions.microsoft.com> wrote in message
>> news:AE39F4B6-A61F-41BC-98B7-8B41500C7B28@microsoft.com...
>> > We have single server that we are using for development, and have
>> > invited
>> > some 3rd party developers to create some aspnet content on the server.
>> > They
>> > have requested Terminal Services Login (remote desktop). WHAT is the
>> > minimal
>> > security group or Best Practice for giving outside users such
>> > permission?
>> >
>> > So they will be able to develop content easily and securely without
>> > compromising the server itself?
>> >
>> > Thanks,
>> >
>> > v
>>
>>
>>