General discussion


A share and a web security problem? +

By ace-tomatoes ·
A little setup of what I am trying to do.....with security settings, and if there is a way to share a web over a network and have security too?
I run a few small web sites on a win2000 Advanved server box, on a network with a few other computers, I want to share the wwwroot\ folder on the network so we can update pages.
Some how local settings take higher pri. over web, I set the web for read and run for IUSR_ (we have asp, and scripts that need to run) and by making that folder a share over the network then adding a local user, that's when people cant see it from the out side? If I open up the local share to "Everyone" and "IUSR" it works but my security is out the window, When we were running Apache I could share the \hot\ folder set security tight and it would still let internet users see pages......
Second, I tried a work around, I created a shared folder on C:\updated\ that we drop updated web pages from the other computers on the network, then go over to the server and drag and drop to the site they go, But, when we try to Access the site with IE on the internet it asks for password? I guess that file keeping the security settings from the folder they were placed in?
I dont know if I have put across what I am trying to do and whats happening, it would be really nice to have one local user have access to a site across the network and still have people hit the site with out it asking for a password :)
Thank you for help 770-253-9340

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

A share and a web security problem? +

by umbral-echo In reply to A share and a web securit ...

What you are trying to do is possible and fairly easily configured. You are talking about two different types of access and essentially two user accounts that must be configured with correct permissions. Let me explain.

IIS allows anonymous access to web sites so that the Internet users do not need to enter a user name and password to get to the site. The way it accomplishes this is using the I_USR<computername> account. IIS logs on to the system locally using this account whenever a user tries to get to the site, thus granting access. You need to correctly configure the IIS and NTFS permissions to allow access.

The local account you are using to update the site uses Share and NTFS permissions to validate access. You should configurethe permissions on the folder as follows:

NTFS on folder and all files in the folder-

I_USR<computername> read (and write if you use certain types of CGI scripts)
Local account full control (or read/write/modify for slightly tighter security)

Share-level Permissions on folder and files-

local account full control (or change for slightly tighter security)

IIS Permissions assigned to web site-

Check the read and scripts-only execute (unless you require less strict permissions for your web site to run)

Make sure that you have anonymous access enabled on the "Directory Security" tab (Edit button). You should also verify that the I_USR<Computername> account is being used, and that IIS controls the password (Hit the Edit button under the checkbox to turn on anonymous access). This ensures that the password is a random one, further strengthening security.

Collapse -

A share and a web security problem? +

by ace-tomatoes In reply to A share and a web securit ...

Sorry it took so long to reply, it did help but I am still having a problem getting the share right, if I set it one way it lets everyone in, if I set it another way and click on the computer in Network Neighborhood is says "Access Denied" Two ways to start share?, one by right mouse click on the folder & a blue hand shows up on the folder & one under Admin Tools "shares" right mouse and create share and I dont see a blue hand but it is shared?

I wish I had more time to sit and just play with this to really learn it and get it right......
The funny thing is I set up a Macintosh share to have access to a web, that works so just the person I give access to has it.

At this point messing around with all the settings, I am probably wide open
The sites I am working with are using redirects and sub web folders, I left one folder open "Apple MAU" for guests that any one can access with a Mac

Thank You for all your help! 770-253-9340

Collapse -

A share and a web security problem? +

by ace-tomatoes In reply to A share and a web securit ...

This question was closed by the author

Related Discussions

Related Forums