We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

Assigning private virtual directory in IIS 6.0 for each user from web (Windows 2003 AD)

Medium Priority
322 Views
Last Modified: 2012-05-06
Hi,

I'm wondering how to actually configure personal directory for user using IIS 6.0 ?
the idea is so that from web browser User John can only browse directory /John not the other directory.

I've created user John and giving the directory permission access only to John and Administrator by right clicking the folder in Explorer, but John still be able to browse the other directory ?

any idea would be appreciated.

Thanks.
Comment
Watch Question

WadskiIT Director
CERTIFIED EXPERT

Commented:
Disallow John 'browse' in other directories, disallow IUSR_XXX in other directories in Folder security
Check you haven't inherited permissions in the folders below the root folder
and turn off anonymous directory browsing in IISMgr

Author

Commented:
Wadski,
how can you disallow user "John" browse in IIS ?
if I uncheck the "Directory Browsing" John also could not browse his own directory.
Ted BouskillSenior Software Developer
CERTIFIED EXPERT
Top Expert 2009

Commented:
Sorry, out of the box IIS doesn't support this level of granularity for permissions.

Commented:
Correct me if I am wrong but i think this is what i think you need.

Active Directory user name John access to http://members.yoursite.com/John
But if someone other than John trys to hit that URL it would prompt them to login... because they are denied?

To do that here is the steps.

Open your IIS control panel, find the site you are hosting your member's pages on, left click on it to select it.

Right click on the virutal directory you have already created, in this case John > Click properties

Click on the tab entitled Directory Security > There is a section called "Authentication and Access Control" click the button Edit in this section.

By default it should be inheriting the settings from the parent members website, which would most likely allow annonymous access. Unclick this if this is the case.
While in this screen also make sure you are using the Integrated Windows Authentication... you could use others too, but this is the easiest to setup right now. (essentially plug and play for an AD environment)

Click okay and close out of the properties windows that are open.

Make sure that only John and whomever should be able to view this directory have actual read permissions of this directory by going through windows explorer and manipulating the permissions (which by the sounds of it, you have already done)

I hope this is what you need... Let us know if not.
Commented:
pironic,

You almost correct, actually the solution to this problem is to remove the check in "allow inheritable permissions from the parent to propagate to this object"

after that i can specify explicitly on the list who has the access to hat website through IIS.

thanks to all anyway for replying and giving comments on this thread.

Cheers.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Commented:
np, have a good night!
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.