Yes, that sounds like what I am wanting to achieve. But Joe Ordinary can still have access to the root of the site C:\Inetpub\wwwroot\corpnet, \\IISServer\corpnet and several other folders within it. I just need to restrict access to but allow IIS to use scripts from one folder within the site, C:\Inetput\wwwroot\corpnet\privateFolder.
Could please explain how I would go about doing this? Thanks, Ray! Brian --- In [EMAIL PROTECTED], "Ray at work" <[EMAIL PROTECTED]> wrote: > Are you authenticating your users? If not, only the IUSR account would need > NTFS permissions to \privateCode, in addition to yourself. Don't worry > about the permissions in IIS for the time being. > > Imagine this scenario: > > Your Web site is stored in C:\Inetpub\wwwroot\corpnet. > Your site authenticates users when they access it, so your IUSR account is > kinda irrelevant. > Some of the code in your site has pages that create, modify, and/or delete > files within the site's file system, i.e. via a file upload page. > You have C:\Inetpub\wwwroot\corpnet shared as \\IISServer\corpnet > > > In order for this to be permitted, your authenticated users needs to have > NTFS permissions to upload the files, since files will be written to the > server's file system under the authenticated user's credentials. > > Since NTFS permissions give users full control to your files, you'll want to > make sure that they cannot access your files by mapping a drive to > \\IISServer\corpnet. To prevent this, you would control the SHARE > permissions of the share. Allow only yourself to access the share, or > anyone else who has the rights to modify your site. > > So, since while Joe Ordinary User has NTFS permissions to go and delete all > your files if he wants to, he does not have a way of getting to them, > because he'd be denied to \\IISServer\corpnet, and he is not authorized to > log on to the server through a terminal services session. > > Is this what you're trying to do? > > Ray at work > > > > > -----Original Message----- > > From: Brian [mailto:[EMAIL PROTECTED] > > Sent: Monday, August 30, 2004 5:22 PM > > To: [EMAIL PROTECTED] > > Subject: Re: [ASP] OT: W2K folder restrictions > > > > > > Please excuse my ignorance but, here's is all that I can tell you on > > how it is currently set up... > > A virtual directory was created in IIS for the root of the site. > > As for permissions set within IIS, i beleive it is all default. > > > > In win explorer settings where set on the root folder by right > > clicking on the folder and setting the security permissions. a few > > users are denied permission, and Everyone has full control. > > Now there is a folder in the root site (ex. privateCode) that I only > > want to allow myself to access through win explorer, but everyone > > else can through the web/IIS. > > > > could you please expand on your suggestion/instructions, or if you > > don't have the time, point me to some resources on the web that may > > help me with this. > > > > I appreciate your help! > > > > Thank you! > > Brian > > > > > > > > > > --- In [EMAIL PROTECTED], "Ray at work" > > <[EMAIL PROTECTED]> wrote: > > > Is the share on the IIS server? You can deny the user access to > > the SHARE > > > using SHARE permissions, but give the user NTFS permissions to the > > > directory, so any authenticated ASP scripts running on that server > > will > > > still have access to it. > > > > > > Ray at work > > > > > > > -----Original Message----- > > > > From: Brian [mailto:[EMAIL PROTECTED] > > > > > > > Hi. Sorry for the off topic post, but I was hoping someone here > > > > could help me out with this. > > > > > > > > I am wanting to restrict access so that users on our network can > > not > > > > access a certain folder through windows explorer. However, I do > > want > > > > them to have access to the asp scripts in that folder over the > > > > company intranet. Can someone please tell me how to accomplish > > this. > > > > > > > > ------------------------ Yahoo! Groups Sponsor > > --------------------~--> > > $9.95 domain names from Yahoo!. Register anything. > > http://us.click.yahoo.com/J8kdrA/y20IAA/yQLSAA/17folB/TM > > -------------------------------------------------------------- > > ------~-> > > > > -------------------------------------------------------------- > > ------- > > Home : http://groups.yahoo.com/group/active-server-pages > > ------------------------------------------------------------------ --- > > Post : [EMAIL PROTECTED] > > Subscribe : [EMAIL PROTECTED] > > Unsubscribe: [EMAIL PROTECTED] > > ------------------------------------------------------------------ --- > > Yahoo! Groups Links > > > > > > > > > > > > > > > > ------------------------ Yahoo! Groups Sponsor --------------------~--> $9.95 domain names from Yahoo!. Register anything. http://us.click.yahoo.com/J8kdrA/y20IAA/yQLSAA/17folB/TM --------------------------------------------------------------------~-> --------------------------------------------------------------------- Home : http://groups.yahoo.com/group/active-server-pages --------------------------------------------------------------------- Post : [EMAIL PROTECTED] Subscribe : [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] --------------------------------------------------------------------- Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/active-server-pages/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
