What's got me totally flummoxed is why adding affected users as individuals to the Visitors group resolves the access issues.
It's almost as though SharePoint isn't able to get the membership from the AD groups. Regards, Paul Online Developer, ICT CEO Sydney From: ozmoss@ozmoss.com [mailto:ozm...@ozmoss.com] On Behalf Of Paul Noone Sent: Friday, 5 June 2009 1:56 PM To: ozmoss@ozmoss.com Subject: RE: 403 error on some site collections Hi Ajay, I don't have a \bin dir in either C:\Inetpub\wwwroot or in my root site but I checked permissions on the bin dir in the 12 hive and all looks good. [cid:image001.jpg@01C9E5ED.DF2A9710] Should the \bin folder for all sites also be readable by user?? Can anyone tell me what the directory permissions should be and why this only seems to affect some users? Someone mentioned that all users also require read access to the web.config in the site root as well. Is this the case? If so it seems easier to just give them read access to every site by default. I can't seem to find any of this info in the implementation white paper. :\ My main problem is that I inherited this farm and have no idea how it was setup or what might have been done to it. Regards, Paul Online Developer, ICT CEO Sydney From: ozmoss@ozmoss.com [mailto:ozm...@ozmoss.com] On Behalf Of Ajay Sent: Friday, 5 June 2009 12:56 PM To: ozmoss@ozmoss.com Subject: Re: 403 error on some site collections This helped me.. http://blogs.msdn.com/johnwpowell/archive/2008/05/23/sharepoint-intermittent-403-forbidden-errors.aspx On Fri, Jun 5, 2009 at 2:08 PM, Paul Noone <paul.no...@ceosyd.catholic.edu.au<mailto:paul.no...@ceosyd.catholic.edu.au>> wrote: Hi all, We've got an issue with some users getting a 403 error on specific site collections even though they're using the same domain name. For example, all users can access our intranet homepage - http://intranet.domain.com - but some can't get to - http://intranet.domain.com/teams or http://intranet.domain.com/docs. Both site collections have the same group permissions and http://*.domain.com is a trusted site. Application pools and identities seem OK. About the only difference I can see is that they all have their own content database. We use AD groups to populate the SharePoint site groups and there is no discernible difference between one user and another in AD. BUT...If I explicitly add an affected user to the Visitors group for /teams and then remove them, they magically have access to all the affected site collections. The only thing I can find online that seems related is an old KB article. As we're running SP1 I don't think this is relevant. http://www.msblog.org/2007/11/10/getting-403-forbidden-error-in-sharepoint-services-30-or-sharepoint-server-2007/ Is this a known problem or has anyone else experienced this? Kind regards, Paul Noone Online Developer, ICT CEO Sydney ph: (02) 9568 8461 fax: (02) 9568 8483 email: paul.no...@ceosyd.catholic.edu.au<mailto:paul.no...@ceosyd.catholic.edu.au> web: http://www.ceosyd.catholic.edu.au/ ________________________________ Support procedure: https://www.codify.com/lists/support List address: ozmoss@ozmoss.com<mailto:ozmoss@ozmoss.com> Subscribe: ozmoss-subscr...@ozmoss.com<mailto:ozmoss-subscr...@ozmoss.com> Unsubscribe: ozmoss-unsubscr...@ozmoss.com<mailto:ozmoss-unsubscr...@ozmoss.com> List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists ________________________________ Support procedure: https://www.codify.com/lists/support List address: ozmoss@ozmoss.com Subscribe: ozmoss-subscr...@ozmoss.com Unsubscribe: ozmoss-unsubscr...@ozmoss.com List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists ________________________________ Support procedure: https://www.codify.com/lists/support List address: ozmoss@ozmoss.com Subscribe: ozmoss-subscr...@ozmoss.com Unsubscribe: ozmoss-unsubscr...@ozmoss.com List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists -------------------------------------------------------------------------------- Support procedure: http://www.codify.com/lists/support List address: ozmoss@ozmoss.com Subscribe: ozmoss-subscr...@ozmoss.com Unsubscribe: ozmoss-unsubscr...@ozmoss.com List FAQ: http://www.codify.com/lists/ozmoss Other lists you might want to join: http://www.codify.com/lists
<<inline: image001.jpg>>