I administer a web server for a small university. I am not really familiar with IIS and Win2k coming from a background of linux servers. The issue I have is that we have a number of other "sub-authors" that need tobe able to publish to certain folders on the web server, but not be allowed to mess with others. I know that oyu can set folder permissions to allow only certain users to edit them, but I am not really sure how to do it and do it in a secure way. Any help would be tremendously appreciated. If you need more information, email me at emeier@umhb.edu Thanks a lot!

…§ Çøvêr† Øpërå†ïõñš §…

You should use NTFS Folder permission on the folders instead of share permissions. (set the share just use the NTFS folder permissions instead) Keeps things less complicated.

Right click on an applicable folder/select Properties/security tab. Remove applicable users and groups and then add the Author that will have permissions on the folder and files within.
You should add the Write permission and possibly the Modify permission (if you want them to be able to delete subfolders and files within their own folder) if needed.

Next, click the Advanced button and add a checkmark to Replace permission entries on all child objects etc..

Do the same for the other folders and corresponding Authors.

* Note

The steps outlined above in no guarantee 100% security over the authors folders and or files.. Meaning, I don't know exactly how IIS is setup, what access is available through the Net etc... or what else is going on. They are intended as a starting point which which you can modify as you see fit.

*Proactive

backup the Authors folders on a regular basis in case the server bombs or one of the Authors decides to bail and dumbs his/her folder. Or, better still, house these folders on a different server seperate from the web server.

Patrick (http://www.winguides.com/forums/sendprivate.php?Cat=&User=POBrien&Board=&Number=&what=online&page=&view=&sb=&part=&vc=><font)</font color=green> /images/forums/icons/smile.gif
<a target="_blank" href=http://www.winguides.com/subscribe/?guide=registry>WinGuides</a>

Looks like it's time to go shopping</font color=blue>[/b] (http://www.amazon.com/exec/obidos/tg/detail/-/073561024X/ref=pd_sim_books/104-8724186-4901527?v=glance><font), 'cause there's a bit of reading</font color=blue> (http://www.amazon.com/exec/obidos/tg/detail/-/076450682X/qid=1033819488/sr=1-6/ref=sr_1_6/104-8724186-4901527?v=glance>[b]<font) you need to do.

Before you go and do something silly, (you might be amazed how common a mistake this is) like remove group Everyone, be sure to add that machine's local Administrators group with full control. The Admin account is a member of Everyone...

Hey Covert,

Whether it's IIS, Active Directory or Stand Alone, thie first thing you should always do is Remove the Everyone Group from a shared resource. Adding in the Admin or admin group is a good idea but is not required as an Admin can always Take Ownership of any folder/resource at any time no matter what the permissions are. Again, Use NTFS folder/file permissions instead of the share permissions as it overrides the share permissions to become the effective permissions.

Knowledge extracted from

Microsoft Press, NT Server 4.0 Enterprise edition
Microsoft Press, NT Server 4.0 Administration
Windows 2000 Professional Resource Kit
Mike Meyers XP Pro Certification passport for the MCSE XP Pro exam 70-270

Pat

~ Just because the structure is built, doesn't mean there's anything inside ~

I'm sorry. I wasn't being clear. I was referring to removing the group Everyone from NTFS. Sure, you can get around it, but it makes life a hell of a lot easier if you just go ahead and make your Administrators group full control before you start ripping things out of the NTFS permissions.

Thanks Guys, I appreciate it a lot...

…§ Çøvêr† Øpërå†ïõñš §…

No problem.

Pat