Comments on: IIS Security http://www.msdigest.net/2009/04/iis-security/ Technical blog about Exchange, Lync & Office 365 by Peter Schmidt [MVP and MCM: Exchange] Mon, 02 Jan 2012 07:55:04 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Peter Schmidt http://www.msdigest.net/2009/04/iis-security/comment-page-1/#comment-26918 Peter Schmidt Tue, 09 Jun 2009 20:35:56 +0000 http://www.iis-digest.com/index.php/2009/04/iis-security/#comment-26918 Cool, thanks for replying back with your solution. Cool, thanks for replying back with your solution.

]]> By: Fred http://www.msdigest.net/2009/04/iis-security/comment-page-1/#comment-26916 Fred Tue, 09 Jun 2009 08:43:22 +0000 http://www.iis-digest.com/index.php/2009/04/iis-security/#comment-26916 Hi, figured it out, posting for whoever ponders this question as well - it's very straightforward really, just got confused by the best practice we typically use for shares, where we leave the share permissions wide open, and handle security on the Security tab -- in this situation however, that's a bad idea: when a website uses Integrated Windows Security, these rules apply: + the access to the website is determined by the Security tab + if necessary, you can share the folder, and the access to the share should then be managed by configuring the Share Permissions (so only give the administrators of the website access to the share) Hi, figured it out, posting for whoever ponders this question as well – it’s very straightforward really, just got confused by the best practice we typically use for shares, where we leave the share permissions wide open, and handle security on the Security tab — in this situation however, that’s a bad idea:
when a website uses Integrated Windows Security, these rules apply:

+ the access to the website is determined by the Security tab
+ if necessary, you can share the folder, and the access to the share should then be managed by configuring the Share Permissions (so only give the administrators of the website access to the share)

]]> By: Fred http://www.msdigest.net/2009/04/iis-security/comment-page-1/#comment-26892 Fred Fri, 29 May 2009 15:14:43 +0000 http://www.iis-digest.com/index.php/2009/04/iis-security/#comment-26892 Hi, I have one question there doesn't seem to be much info on - I'm hoping you can help. We have an IIS website using Integrated Windows Authentication which has to be accessible to everyone in the company - all working fine, but we noticed that with the current settings (share permissions: everyone full access -- Security: authenticated users Read access), everybody can also access the windows file share, and thus open the .asp, .config, ... etc files which sometimes contain passwords! - How can we grant them access to the website, without also granting access to the actual file share? Thanks in advance! Fred Hi, I have one question there doesn’t seem to be much info on – I’m hoping you can help.
We have an IIS website using Integrated Windows Authentication which has to be accessible to everyone in the company – all working fine, but we noticed that with the current settings (share permissions: everyone full access — Security: authenticated users Read access), everybody can also access the windows file share, and thus open the .asp, .config, … etc files which sometimes contain passwords! – How can we grant them access to the website, without also granting access to the actual file share?

Thanks in advance!
Fred

]]>