Are you authenticating your users? If not, only the IUSR account would need NTFS permissions to \privateCode, in addition to yourself. Don't worry about the permissions in IIS for the time being.
Imagine this scenario: Your Web site is stored in C:\Inetpub\wwwroot\corpnet. Your site authenticates users when they access it, so your IUSR account is kinda irrelevant. Some of the code in your site has pages that create, modify, and/or delete files within the site's file system, i.e. via a file upload page. You have C:\Inetpub\wwwroot\corpnet shared as \\IISServer\corpnet In order for this to be permitted, your authenticated users needs to have NTFS permissions to upload the files, since files will be written to the server's file system under the authenticated user's credentials. Since NTFS permissions give users full control to your files, you'll want to make sure that they cannot access your files by mapping a drive to \\IISServer\corpnet. To prevent this, you would control the SHARE permissions of the share. Allow only yourself to access the share, or anyone else who has the rights to modify your site. So, since while Joe Ordinary User has NTFS permissions to go and delete all your files if he wants to, he does not have a way of getting to them, because he'd be denied to \\IISServer\corpnet, and he is not authorized to log on to the server through a terminal services session. Is this what you're trying to do? Ray at work > -----Original Message----- > From: Brian [mailto:[EMAIL PROTECTED] > Sent: Monday, August 30, 2004 5:22 PM > To: [EMAIL PROTECTED] > Subject: Re: [ASP] OT: W2K folder restrictions > > > Please excuse my ignorance but, here's is all that I can tell you on > how it is currently set up... > A virtual directory was created in IIS for the root of the site. > As for permissions set within IIS, i beleive it is all default. > > In win explorer settings where set on the root folder by right > clicking on the folder and setting the security permissions. a few > users are denied permission, and Everyone has full control. > Now there is a folder in the root site (ex. privateCode) that I only > want to allow myself to access through win explorer, but everyone > else can through the web/IIS. > > could you please expand on your suggestion/instructions, or if you > don't have the time, point me to some resources on the web that may > help me with this. > > I appreciate your help! > > Thank you! > Brian > > > > > --- In [EMAIL PROTECTED], "Ray at work" > <[EMAIL PROTECTED]> wrote: > > Is the share on the IIS server? You can deny the user access to > the SHARE > > using SHARE permissions, but give the user NTFS permissions to the > > directory, so any authenticated ASP scripts running on that server > will > > still have access to it. > > > > Ray at work > > > > > -----Original Message----- > > > From: Brian [mailto:[EMAIL PROTECTED] > > > > > Hi. Sorry for the off topic post, but I was hoping someone here > > > could help me out with this. > > > > > > I am wanting to restrict access so that users on our network can > not > > > access a certain folder through windows explorer. However, I do > want > > > them to have access to the asp scripts in that folder over the > > > company intranet. Can someone please tell me how to accomplish > this. > > > > ------------------------ Yahoo! Groups Sponsor > --------------------~--> > $9.95 domain names from Yahoo!. Register anything. > http://us.click.yahoo.com/J8kdrA/y20IAA/yQLSAA/17folB/TM > -------------------------------------------------------------- > ------~-> > > -------------------------------------------------------------- > ------- > Home : http://groups.yahoo.com/group/active-server-pages > --------------------------------------------------------------------- > Post : [EMAIL PROTECTED] > Subscribe : [EMAIL PROTECTED] > Unsubscribe: [EMAIL PROTECTED] > --------------------------------------------------------------------- > Yahoo! Groups Links > > > > > > > > ------------------------ Yahoo! Groups Sponsor --------------------~--> Make a clean sweep of pop-up ads. Yahoo! Companion Toolbar. Now with Pop-Up Blocker. Get it for free! http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/17folB/TM --------------------------------------------------------------------~-> --------------------------------------------------------------------- Home : http://groups.yahoo.com/group/active-server-pages --------------------------------------------------------------------- Post : [EMAIL PROTECTED] Subscribe : [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] --------------------------------------------------------------------- Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/active-server-pages/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
