DOCUMENT:Q280799 14-DEC-2000 [iis] TITLE :Documents Indexed on Remote Shares Are Returned to All Users PRODUCT :Internet Information Server PROD/VER::2.0 OPER/SYS: KEYWORDS:kbDSupport ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Indexing Service - Microsoft Index Server version 2.0 ------------------------------------------------------------------------------- SYMPTOMS ======== When you use the Indexing Service to index documents that are stored on remote shares, the check for the current users' permissions against the Access Control Lists (ACLs) on the documents is not enforced when searches are performed. Therefore, a search may return documents that the user who performs the search does not have read access to. In addition, a search results page often displays a small section (called an "abstract") of the document in the result set. In this case, document information is displayed that the user who performs the search does not have permission to read. CAUSE ===== When you add a remote path to an Index Server catalog, either by adding a remote virtual root to an indexed Web site or by adding a remote path directly to the Index Server catalog, you must supply a valid user name and password to map to the remote share. The user name and password are used to access the remote resource to index the documents that are stored there. When a search is performed against an Index Server catalog for documents that are indexed at a remote location, the context of the account that is used to map to the remote location is used to build the results of the search. Therefore, the search results for a remote location include all documents that the mapping account has access to at that location, regardless of the access permissions of the current user who performs the search. WORKAROUND ========== To obtain search results that include only documents that the user who performs the search has read access to, perform one of the following workarounds: - Store all documents on the same computer as the Indexing Service. - Use the Search service that comes with Microsoft Site Server 3.0. This indexes the ACLs on NTFS files that are stored remotely and locally. MORE INFORMATION ================ The current user context is used for security checks against documents that are indexed locally. The search result set returns only local documents that the user who performs the search has read access to. Additional query words: UNC security crawl ====================================================================== Keywords : kbDSupport Technology : kbIdxServSearch kbAudDeveloper kbIdxServ100 kbIdxServ200 Version : :2.0 Issue type : kbprb Solution Type : kbpending ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2000.