June 28th, 2011, 10:54 AM
IIS - Restricting Access
I'm faced with a situation where I have a number of IIS websites that need to be password protected, preferably with Windows Authentication. Additionally, I want users (except for administrators) to have access only to the specific website that I've granted them permission to access. Right now, I'm faced with the following problem: any user in the system can access any website. I figured this had to do with the fact that the website home directories are accessible by the Users group, and in fact, removing the Users group's access to these folders and selectively granting rights to the users I want solves the problem. However, due to the server-side scripting languages I use, I require that the Users group have access to the website folders. I've tried removing membership to the Users group of these users, but that seems to have no effect. Please let me know if you have any ideas, and thanks in advance for your help.
June 28th, 2011, 11:20 PM
Assign only the desired users/groups permissions to the directories in question.
I've never been able to appreciate the sublime arrogance of folks who feel they were put on earth just to save other folks from themselves .." - Donald Hamilton