JSI Tip 3821. How do I use NTFS security to protect Web pages hosted on IIS 4.0 or 5.0?
June 20, 2001
Microsoft has written a step-by-step guide:
"This is a step-by-step guide to using Windows NTFS security to protect Web pages that are running on Internet Information Server (IIS) version 4.0 or 5.0. To protect your pages, you put the pages in a separate folder and then apply permissions to that folder.
Note that this article does not outline the best practices for using FrontPage and the FrontPage Server Extensions. For additional information on best practices using FrontPage and the FrontPage Server Extensions, click the article number below to view the article in the Microsoft Knowledge Base:
Q216705 How to Set Permissions on a FrontPage Web on IIS
Requirements
To protect your page or pages, you need the following:
A Web site that is already created and running on Internet Information Server version 4.0 or 5.0 on an NTFS drive partition.
Administrative access to the server.
Users and groups to whom you wish to grant access available on the domain.
Check the file system type
On the server desktop, double-click the My Computer icon.
Right-click the drive that contains the Web content that you want to protect, and then click Properties.
On the General tab, make sure that the file system is NTFS.
NOTE: If the file system is FAT, this solution will not work. If you want to convert the file system to NTFS, see the following Knowledge Base article:Q214579 How to Use Convert.exe to Convert a Partition to NTFS
Protect the page
For Windows 2000
Move the page or pages that you want to protect into a separate folder, taking care to update your hyperlinks if necessary. To do this, follow these steps:
Right-click Start and click Explore to open Windows Explorer.
Browse to the folder that contains your Web content.
Select the top-level folder of your Web content. On the File menu, point to New and then click Folder.
Give the folder a name and press ENTER.
Hold down CTRL and select each of the pages that you want to protect.
Right-click the pages and click Copy.
Right-click the new folder and click Paste.
NOTE: If you have hyperlinks to these pages, you need to update them to reflect the new location.
Right-click Start and click Explore to open Windows Explorer.
Click the content folder that contains the page or pages that you want to protect.
Right-click the folder, click Properties, and then click the Security tab.
Remove the Everyone group from the list of names in the top pane.
IMPORTANT: Do not remove SYSTEM.Click Add.
Type the names of the users or groups to whom you want to grant access to the page.
Click OK. Note that these users and groups must already be part of the domain in which the Web server resides. If they are not, you must add them before you proceed.
If you are prompted to choose from multiple instances of the name, choose the one or ones to which you want to grant access. Click OK.
In the top pane, select the user or group that you just added and then select the permissions that you want to grant in the bottom pane. Generally Read and Execute permissions are sufficient, but in some cases you may wish to grant Write or Full Control permissions.
Click OK.
For Windows NT 4.0
Move the page or pages that you want to protect into a separate folder, taking care to update your hyperlinks if necessary. To do this, follow these steps:
Right-click Start and click Explore to open Windows Explorer.
Browse to the folder that contains your Web content.
Select the top-level folder of your Web content. On the File menu, point to New and then click Folder.
Give the folder a name and press ENTER.
Hold down the CTRL key and select each of the pages that you want to protect.
Right-click the pages and click Copy.
Right-click the new folder and click Paste.
NOTE: If you have hyperlinks to these pages, you need to update them to reflect the new location.
Right-click Start and click Explore to open Windows Explorer.
Click the content folder that contains the page or pages that you want to protect.
Right-click the folder, click Properties, and then click the Security tab.
Click Permissions and select Replace Permissions on Existing File.
Remove the Everyone group from the list of names in the top pane.
IMPORTANT: Do not remove SYSTEM.Click Add and type the names of the users or groups to whom you want to grant access to the page.
Click OK. Note that these users and groups must already be part of the domain in which the Web server resides. If they are not, you must add them before you proceed.
If you are prompted to choose from multiple instances of the name, choose the one or ones to which you want to grant access. Click OK.
On the Type of Access list, select the appropriate permissions. Generally Read and Execute are sufficient, but in some cases you may wish to grant Write or Full Control.
Click OK.
Additional information
For more information about NTFS permissions, see the following Knowledge Base article:
Q187506 List of NTFS Permissions Required for IIS Site to Work
For general information about permissions in Windows NT and Windows 2000, see the following Knowledge Base articles:
Q148437 Default NTFS Permissions in Windows NT
Q266118 How to Restore the Default NTFS Permissions for Windows 2000."
About the Author
You May Also Like