Incorrect NTFS Permissions When Reducing Account to Browse (225202)



The information in this article applies to:

  • Microsoft FrontPage 98 for Windows

This article was previously published under Q225202

SYMPTOMS

When you modify a user's permissions in FrontPage Explorer, the user's NTFS permissions do not change on that Web's content.

CAUSE

The FrontPage Server Extensions do not properly reduce permissions on the Web folders and content when the lower-level permission is applied.

RESOLUTION

This problem has been fixed in the FrontPage 2000 Server Extensions. It is available for download from http://office.microsoft.com/assistance/default.aspx

To resolve this problem, upgrade the Web server to the FrontPage 2000 Server Extensions.

WORKAROUND

To work around the problem, remove the account and add it back with Browse permissions. To do this, use the following steps:

  1. Open the Web in FrontPage Explorer.
  2. From the Tools menu, click Permissions.
  3. In the Permissions dialog box, click the account that needs to be reduced to Browse permissions, click Remove, and then click Apply.
  4. To add the account back with Browse permissions, click Add, click the appropriate domain or server in the Obtain List From: box, click the account in the Names: box, and then click Add.
  5. In the Users Can section, make sure the radio button for Browse this web is selected.
  6. Click OK, click Apply, and then click OK.
  7. After you add the account back to the Web with Browse permissions, the NTFS permissions on the folders and content will be set to correctly Read and Execute and Read respectively.
After you set the account to Browse, another alternative is to use the FrontPage Server Administrator to Check and Fix the Web and tighten permissions using the following steps:

  1. On the Web Server, use Windows Explorer to navigate to c:\program files\microsoft frontpage\.
  2. Double-click FrontPage Server Administrator.
  3. In the Select server or port box, click the virtual server where permissions need to be tightened.
  4. Click the Check and Fix button.
  5. When asked, "Do you want FrontPage to tighten security as much as possible for all FrontPage webs?", click Yes.
  6. After you tighten security, the NTFS permissions on the folders and content for the account will be set correctly to Read and Execute and Read respectively.

MORE INFORMATION

When you demote an account in FrontPage from Administer or Author permissions down to Browse permissions on an IIS Web server using NTFS, the account's NTFS permissions on the folders and content remain as Read/Write/Execute/Delete (RWXD) for folders, and Read/Write/Delete (RWD) for files, respectively.

The NTFS permissions should be reduced to Read (R) for folders, and Read/Execute (RX) for files.

FrontPage reduces the permission on the Admin.dll and Author.dll files correctly, therefore if the account is reduced to Browse, it will not be able to open the Web in FrontPage for editing. You will still be able to access the content through Windows Explorer for editing, if the content is in a shared location.


Modification Type:MinorLast Reviewed:8/9/2004
Keywords:kbdownload kbprb KB225202