DOCUMENT:Q247099 20-OCT-2000 [iis] TITLE :Access Denied Connecting to FTP Directory Using "Connect As" PRODUCT :Internet Information Server PROD/VER:winnt:1.0,2.0,3.0,4.0,5.0 OPER/SYS: KEYWORDS:kbOSWin2000 ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Internet Information Server versions 1.0, 2.0, 3.0, 4.0 - Microsoft Internet Information Services version 5.0 ------------------------------------------------------------------------------- SYMPTOMS ======== When accessing an FTP site whose Home Directory connects to a remote share using a UNC path with the "Connect As" feature, one of the following symptoms might occur: - The Access Control List (ACL) permissions of the user account logged onto the FTP session are not used to determine the access permissions for the Home Directory. - The following error occurs: Access Denied CAUSE ===== This is by design. The Home Directory uses the credentials of the user account and password specified in the "Connect As" feature to connect to the UNC. All access permissions to the Home Directory are determined by the ACLs for that "Connect As" user account. Therefore, the credentials (and associated permissions) for the user account that was used to log onto the FTP site are not used to determine access to the UNC Home Directory. RESOLUTION ========== To avoid these problems, do one of the following, depending on your situation: - Do not use the UNC and "Connect As" feature for the Home Directory. Instead, specify a Home Directory on the local computer. - Specify a user account for the "Connect As" feature that has the appropriate ACL permissions needed by the FTP site users. MORE INFORMATION ================ The settings for the UNC and "Connect As" option are specified in the Home Directory tab of the FTP site's property sheet in the MMC. The user account specified in the "Connect As" option must be a local user account on both the FTP site computer as well as the UNC file server computer, or must be a domain user account. Additional References --------------------- For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base: Q239120 Create a Secure FTP Directory that Uses Password Authentication Q237987 FTP GET Does Not Work Correctly on UNC Virtual Directories Q201771 How To Set Up an FTP Site So That Users Log Onto Their Folders Q195259 FTP Site Mapped to a Remote Share May Have Access Problems Q185377 Users Cannot Access FTP or Web Site Additional query words: virtual directory vdir remote share granted storage device restricted ntfs username privileges access Universal Naming Convention ====================================================================== Keywords : kbOSWin2000 Technology : kbiisSearch kbiis500 kbiis400 kbiis300 kbiis200 kbiis100 Version : winnt:1.0,2.0,3.0,4.0,5.0 Issue type : kbprb Solution Type : kbpending ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2000.