|
zhoujun wrote:
If I get the answer,I will tell you right away.
Thanks, buddy! This is not a trivial problem, and the documentation is really bad. There's lots of it, but the content lacks any value.
"When in danger, fear, or doubt, run in circles, scream and shout!" - Lorelei and Lapis Lazuli Long
|
|
|
|
|
I'm going back many years in old Network theory to the time of G-net. And I wonder if the same theory holds.
Make a User Directory, with a subdirectory. The individual users should only have the full permissions you want to give to their subdirectory.
Next give each of the users view/read permissions to their own user directory.
I always found mastering network stuff was easiset with several machines side by side, and a good swivel chair. Ouch !!!
Regardz
Colin J Davies
Sonork ID 100.9197:Colin
You are the intrepid one, always willing to leap into the fray! A serious character flaw, I might add, but entertaining.
Said by Roger Wright about me.
|
|
|
|
|
Been there, done that. It doesn't work, so I burned the t-shirt.
"When in danger, fear, or doubt, run in circles, scream and shout!" - Lorelei and Lapis Lazuli Long
|
|
|
|
|
This is what I do, and it seems to work:
- First, prepare the default FTP site.
- Apply all security patches
- Install IISLockdown.
- Make sure that write access is disabled.
- If possible, turn off annonymous access, otherwise make sure the anonymous account is not the IUSR_MachineName account.
- Create a user account with "Log on locally" priveleges, which will be used to upload the site.
- Create a directory for the web application. Preferably, nowhere near the wwwroot, ftproot or inetpub directories. Set the following NTFS permissions:
- The Administrators group and the upload account should have full control
- The IUSR_MachineName account should have read access.
- Nobody else should have any permissions. Specifically, if anonymous FTP access is allowed, the anonymous FTP account should not be able to read this directory.
- In the default FTP site, create a virtual directory pointing to the web application directory. Give it the same name as the upload user, and enable write access.
- Once the site is ready, create a new web-site pointing to the web application directory.
When the upload user logs in, IIS will automatically move them to the virtual directory with the same name as their user name.
Since the directory is a virtual directory, anonymous FTP users will not be able to see it.
The NTFS permissions won't allow anyone other than the upload user to access the directory, so other users won't be able to read or change the contents, even if they could guess the name.
By granting read access to the IUSR_MachineName account, anonymous users will be able to view the web site.
Hope this helps!
|
|
|
|
|
Thanks,Richard,
I follow the directions you give,
everything seems working well,
and finally,the ftp part works as I want to,
but when browsing to that website,I got error messages in IE browsers that said "access to directory is denied"?
by the way,I did not install IISLockdown since I thought it's an option,
and when setting the directory's NTFS permissions,I do like this:mouse right-click that directory,select the last item properties(R)(I don't know if I am right in translating the item name because what I am seeing is in chinese) from the pop-up menu,then select the security tab,then set permissions as you said,original it has everyone access rights,and I delete it.
I want your further help.
this is my signature for forums quoted from shog*9:
I can't help but feel, somewhere deep within that withered, bitter, scheming person, there is a small child, frightened, looking a way out.
|
|
|
|
|
zhoujun wrote:
"access to directory is denied"
That usually means that the IUSR_MachineName account doesn't have enough permissions on the directory. Try giving it "Read", "Read & Execute" and "List Folder Contents" permissions. Also, click on the "Advanced" button on the security tab, and tick the box, "Replace permission entries on all child objects...".
IISLockdown isn't required, but I like to put it on every IIS server connected to the Internet as an extra security measure. Anything that helps keep hackers and viruses out can't be bad!
|
|
|
|
|
i dont have the rightes to see service on other computer of my network.
i have a simple network of two computer and the operating
system is XP on both computers.
i am able to share dives,internet fasilities on other network computer.
but problem is that
i dont have the rightes to see service on other computer of my network.
how to get rightes to see services? the answer did not solve my problem please give a better suggesation to solve the problem
r00d0034@yahoo.com
r00d0034@yahoo.com
|
|
|
|
|
the account that u use to logon can be made part of the 'Administrator' group. I am not too sure. Perhaps from a domain part of you, that should work like making the domain user account part of Local Administrator and logging on with that, as we do. But since you do not have a domain controller in between, the account used to login to the other system must be part of 'Administrator' group.
Deepak Kumar Vasudevan
http://deepak.portland.co.uk/
|
|
|
|
|
who to make domain on xp_professional ?
r00d0034@yahoo.com
|
|
|
|
|
I installed my windows 2000 server with IIS 5.0.
Now I want to allow users to ftp to server and transfer files between users' client pc and server,
But How can I setup the server to achieve that one user can only access to a specified directory on the server and can not access to other users' directory.(ideally,the directory may just be the user name)?
And in that user-specified directory,everyone can access that directory(the directory is setup as a web visual path and the specified user can upload website files) via browsers but not ftp?
What I have done is: I create a user and according to username a directory on the server harddisk,and setup the path as a visual ftp directory in IIS manager interface,but everyone can visit that path,and if I setup the path's access rights to specified user,then browser to that path is prompt user to provide user and password?
Roger's reply:
I just went through this hassle - the solution is non-obvious on Win2K Server. Check my thread on the Operating Systems forum; the response from Richard D solved my access problem nicely. Quicklink[^]
I couldn't give access to users who had perfectly valid user accounts on my domain. It turned out that local logon rights are denied by default on the Server edition. The link Richard provided gave detailed instructions on how to enable this. Once you enable it, your users should be able to get into the computer and the FTP area. Limiting access to specific shares for each user can probably be done using NTFS rights on each folder. I don't know that for sure because I haven't tried it. Only one user beside myself has access, and I trust that one - I haven't tried limiting access yet. If this doesn't work, move this discussion to the Operating Systems forum and we'll continue it.
this is my signature for forums quoted from shog*9:
I can't help but feel, somewhere deep within that withered, bitter, scheming person, there is a small child, frightened, looking a way out.
|
|
|
|
|
Yes,using NTFS rights on each folder can solve limiting access to specific shares for each user.
But another problem occur,since I have setup the user directory as a visual path of default website in IIS manager,when client browse to that web path,he will be prompted a popup windows to provide user name and passord because I have delete that directory's everyone rights.
this is my signature for forums quoted from shog*9:
I can't help but feel, somewhere deep within that withered, bitter, scheming person, there is a small child, frightened, looking a way out.
|
|
|
|
|
Forgive me if I sound dense - It's very late and I'm having some trouble understanding your English. You're doing great, but I'm tired... You should not be using the default website in IIS; put the shared folder in the default FTP site. When your users connect they should use 'ftp://zhoujunsdomain.com' to establish a FTP connection. A logon dialog box should then appear, and they should type in the proper username and password. The next screen they should see is a collection of folders stored in the Default FTP Site location. From there it should be no trouble to open any folder for which that user has permissions to use. Removing the Everyone Group is a good idea, by the way, but you have to be sure to create permissions for each user that you want to have access. I created a group called FTPUsers for just that purpose, and it's working well so far.
"When in danger, fear, or doubt, run in circles, scream and shout!" - Lorelei and Lapis Lazuli Long
|
|
|
|
|
It's very late and I'm having some trouble understanding your English.
My english is still in practising stage.I am sorry to give you trouble.hehe.
I will give an example,say,I create a user account named zhoujun,and I create a directory "c:\zhoujun",and I add a visual ftp path in default ftp site named "zhoujun" mapping to "c:\zhoujun",and I give the "c:\zhoujun" path access rights to only user "zhoujun",then user zhoujun can access to "c:\zhoujun" and other users can not access it.
Then I create a visual path for "c:\zhoujun" in default web site,name it to "zhoujun",so the client browsers can access using "http://hostdomainname/zhoujun/index.asp;
But since only zhoujun can access to "c:\zhoujun",and everyone have no access rights now,the browser pop up a login windows,then sad story begins.
How to deal with it?
this is my signature for forums quoted from shog*9:
I can't help but feel, somewhere deep within that withered, bitter, scheming person, there is a small child, frightened, looking a way out.
|
|
|
|
|
Each user will need a local account on your server, and will have to enter a username and password when the login box appears. The shares you want them to be able to access will also have to have permissions set for each user to allow it. Did you follow the instructions in Richard's response to my question? They worked perfectly on my machine.
"When in danger, fear, or doubt, run in circles, scream and shout!" - Lorelei and Lapis Lazuli Long
|
|
|
|
|
can u tell me the right path of group polices
i try to find it but could not succeed.if u please tell me the complete path
r00d0034@yahoo.com
|
|
|
|
|
What exactly are you looking for?
If you're looking for the group security policies for your local computer, you'd use the Local Security Policy MMC tool under Administrative Tools.
|
|
|
|
|
Start->Run
gpedit.msc
Click OK.
-Sean
----
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. -- Albert Einstein.
I saw a woman wearing a sweatshirt with 'Guess' on it. I said, "Thyroid problem?" -- Emo Philips.
Love is two minutes, 52 seconds of squishing noises. -- Johnny Rotten.
|
|
|
|
|
if i want to disable/enable the "ctrl+alt+delete commbination" under " WINXP" what should i do
r00d0034@yahoo.com
|
|
|
|
|
|
Snap off the key caps.
Seriously, I don't know that you can. I need it so often to save users from themselves I wouldn't want to do without it. I'd check into Group Policies as a first option. If you're trying to prevent users from rebooting, I know you can take that right away from them selectively, too. By the way, how did your previous post work out?
"When in danger, fear, or doubt, run in circles, scream and shout!" - Lorelei and Lapis Lazuli Long
|
|
|
|
|
imran_rafique wrote:
if i want to disable/enable the "ctrl+alt+delete commbination" under "WINXP" what should i do
I don't think you can. Why do I think this? Because all the remote connection software I have ever used has had it's own special key combination to mimick a ctrl-alt-delete on the end computer. i.e. None of them could override the local computers ctrl-alt-delete catch.
There may be a way, but even if there is, probably not a good idea to do so. We need all the default, guarateed escape routes we can get
Paul Watson Bluegrass Cape Town, South Africa Ray Cassick wrote: Well I am not female, not gay and I am not Paul Watson
|
|
|
|
|
maybe u cannot disable||enable ctrl+alt+delete.However u can make this combination unusable by writing an .exe which changes the 'delete' key .
|
|
|
|
|
Open Control Panel
Double-Click on 'Administrative Tools'
Double-Click on 'Local Security Policy'
Local Policies\Security Options
Set the appropriate option under 'Interactive logon: Do not require CTRL+ALT+DEL'
-Sean
----
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. -- Albert Einstein.
I saw a woman wearing a sweatshirt with 'Guess' on it. I said, "Thyroid problem?" -- Emo Philips.
Love is two minutes, 52 seconds of squishing noises. -- Johnny Rotten.
|
|
|
|
|
i dont have the rightes to see service on other computer of my network.
i have a simple network of two computer and the operating
system is XP on both computers.
i am able to share dives,internet fasilities on other network computer.
but problem is that
i dont have the rightes to see service on other computer of my network.
how to get rightes to see services?
r00d0034@yahoo.com
|
|
|
|
|
What variety of XP are you running - Home or Professional?
"Another day done; all targets met; all systems fully operational; all
customers satisfied; all staff keen and well motivated; all pigs fed and
ready to fly." - Jennie Agard, McGuckin Hardware Systems Manager
|
|
|
|
|