Security on Windows NT
In FrontPage 98 and later, you can set up a single user and group list for each FrontPage-extended web. Then, when administrators use the FrontPage client to give permissions to administrators, authors, and site visitors, they do not see the full Windows NT account list of the server. This lets you protect the confidentiality of your user community.
To set up restricted Windows NT account lists, do the following:
Setting the registry key
You can set the global RestrictIISUsersAndGroups to 0 to globally disable restrictions, and then you can override the setting on specific virtual servers.
Naming the restricted group
On a multihosted IIS2.0/3.0 machine, [VirtualServer] is the server's IP address and port number combination, and [_Directories][_Subweb] is the URL of the subweb. An example for the root web is FP_172.17.123.255:80. For a subweb, an example is FP_172.17.123.255:80_directory1_MySubWeb1_directory2_MySubWeb2. This is the nested subweb at the URL http://172.17.123.255:80/directory1/MySubWeb1/directory2/MySubWeb2. On a single-hosted machine, [VirtualServer] is the port number. For example, FP_80 is the virtual server at port 80 when this port is not specifically bound to an IP address in the Internet Service Manager.
On IIS 4.0 and later, [VirtualServer] can be of the form /LM/W3SVC/N, where N is an instance number. An example of this form for a root web is FP_/LM/W3SVC/1. An example for a subweb of this virtual server is FP_/LM/W3SVC/1_MySubWeb. Another variation of this form is to use the host name. For a root web, an example is FP_www.microsoft.com:80, and for a subweb, FP_www.microsoft.com:80_MySubWeb. On a single-hosted machine, [Virtual Server] could be configured as the port number, as in FP_80. The other IIS 4.0 options will work in this case as well.
If restrictions are enabled on a subweb but no local group is defined, the FrontPage Server Extensions look for the group of the parent web and use it, if it exists. This is repeated recursively if the subweb is nested within another subweb. If no appropriately named group is found, then no restriction is placed on permissions.
|7 of 9||TOP|
|Last Updated June 1999