Users are unable to open or create Web folder for restricted FrontPage Web (230169)


The information in this article applies to:

  • FrontPage 2000 Server Extensions from Microsoft
This article was previously published under Q230169

SYMPTOMS

After you create a FrontPage Web that is set to Only registered users have browse and you add an account with Author or Administer permission, users cannot create a Web Folder for this Web or open the Web in FrontPage 2000 or any other Microsoft Office 2000 application. This problem occurs for IIS Web servers running version 4.0.2.2717 of the FrontPage 2000 Server Extensions. The user receives multiple authentication dialogs that never authenticate, and eventually, one of the following error messages occurs:
You do not have permission to access this Web Folder location.
You are not authorized to perform the current operation.

CAUSE

The problem occurs because when the Web is set to Only registered users have browse, the Everyone group is removed from the access control lists on the Web, and access to _vti_pvt is restricted. In this case, FrontPage fails to write the Network and Interactive groups to the _vti_pvt folder. This restriction prevents the valid user from opening the Web or creating a Web Folder because access to the configuration files in _vti_pvt are required in order to perform the operation.

WORKAROUND

To work around this problem, add the Network and Interactive groups to the _vti_pvt folder. This is achieved by performing a Check Server Extensions. On the IIS 4.0 Web server where the Web was created, do the following:
  1. On the IIS 4.0 Web server, click Start, point to Programs, point to Windows NT 4.0 Option Pack, point to Microsoft Internet Information Server, and then click Internet Service Manager.
  2. Under Internet Information Server, select the computer name, and click the Virtual Server where the restricted subweb resides.
  3. Right-click the Virtual Server, point to Task, and click Check Server Extensions. When asked to tighten security as much as possible for all FrontPage Webs, click Yes.
  4. After you complete the Check Server Extensions, the Web will be accessible by the user. Also, if the permissions for the _vti_pvt folder for the Web are viewed in Windows Explorer, the Network and Interactive groups are listed.

To avoid fixing this problem for other new subwebs, use the following steps:
  1. Open the root Web for the Virtual Server in FrontPage.
  2. On the Tools menu, point to Security, and click Permissions.
  3. On the Groups tab, click Everyone, click Remove, and then click OK.
  4. Click Tools, click Security, and then click Permissions. On the Users tab, select Everyone has browse access and click OK.
  5. When permissions are propagated to new subewbs, the new permissions on the root Web are initially inherited. This step helps to ensure the correct permissions are inherited when creating a new subweb.

STATUS

Microsoft has confirmed that this is a problem in the FrontPage 2000 Server Extensions.
Modification Type:MinorLast Reviewed:8/2/2004
Keywords:kbpermissions kbnewfile kberrmsg kbweb kbopenfile kbbug kbpending KB230169
©2004 Microsoft Corporation. All rights reserved.