Microsoft FrontPage 2000 Server Extensions Resource Kit | |||
Security on Windows NT 7 of 9 Restricting Windows NT Account Lists In FrontPage 98 and later, you can set up a single user and group list for each FrontPage-extended web. Then, when administrators use the FrontPage client to give permissions to administrators, authors, and site visitors, they do not see the full Windows NT account list of the server. This lets you protect the confidentiality of your user community. To set up restricted Windows NT account lists, do the following:
Setting the registry keyYou can set a global registry key to enable restricted Windows NT account lists for all virtual servers on the IIS server, or you can restrict Windows NT account lists for any single servers.
You can set the global RestrictIISUsersAndGroups to 0 to globally disable restrictions, and then you can override the setting on specific virtual servers. Naming the restricted groupIf user and group restrictions are enabled for a given FrontPage-extended web, the server extensions look for a Windows NT group named with the following convention: FP_[VirtualServer][_Directories][_Subweb] On a multihosted IIS2.0/3.0 machine, [VirtualServer] is the server's IP address and port number combination, and [_Directories][_Subweb] is the URL of the subweb. An example for the root web is FP_172.17.123.255:80. For a subweb, an example is FP_172.17.123.255:80_directory1_MySubWeb1_directory2_MySubWeb2. This is the nested subweb at the URL http://172.17.123.255:80/directory1/MySubWeb1/directory2/MySubWeb2. On a single-hosted machine, [VirtualServer] is the port number. For example, FP_80 is the virtual server at port 80 when this port is not specifically bound to an IP address in the Internet Service Manager. On IIS 4.0 and later, [VirtualServer] can be of the form /LM/W3SVC/N, where N is an instance number. An example of this form for a root web is FP_/LM/W3SVC/1. An example for a subweb of this virtual server is FP_/LM/W3SVC/1_MySubWeb. Another variation of this form is to use the host name. For a root web, an example is FP_www.microsoft.com:80, and for a subweb, FP_www.microsoft.com:80_MySubWeb. On a single-hosted machine, [Virtual Server] could be configured as the port number, as in FP_80. The other IIS 4.0 options will work in this case as well. If restrictions are enabled on a subweb but no local group is defined, the FrontPage Server Extensions look for the group of the parent web and use it, if it exists. This is repeated recursively if the subweb is nested within another subweb. If no appropriately named group is found, then no restriction is placed on permissions. |
|||
Introduction | |||
Security on Windows NT |
|||
Security on UNIX | |||
7 of 9 | TOP | |
Last Updated November 1998 ©1998 Microsoft Corporation. All rights reserved. Terms of Use. |