Assigning private virtual directory in IIS 6.0 for each user from web (Windows 2003 AD)

Posted on 2009-02-16
Last Modified: 2012-05-06

I'm wondering how to actually configure personal directory for user using IIS 6.0 ?
the idea is so that from web browser User John can only browse directory /John not the other directory.

I've created user John and giving the directory permission access only to John and Administrator by right clicking the folder in Explorer, but John still be able to browse the other directory ?

any idea would be appreciated.

Question by:jjoz
    LVL 16

    Expert Comment

    Disallow John 'browse' in other directories, disallow IUSR_XXX in other directories in Folder security
    Check you haven't inherited permissions in the folders below the root folder
    and turn off anonymous directory browsing in IISMgr
    LVL 1

    Author Comment

    how can you disallow user "John" browse in IIS ?
    if I uncheck the "Directory Browsing" John also could not browse his own directory.
    LVL 51

    Expert Comment

    Sorry, out of the box IIS doesn't support this level of granularity for permissions.
    LVL 2

    Expert Comment

    Correct me if I am wrong but i think this is what i think you need.

    Active Directory user name John access to
    But if someone other than John trys to hit that URL it would prompt them to login... because they are denied?

    To do that here is the steps.

    Open your IIS control panel, find the site you are hosting your member's pages on, left click on it to select it.

    Right click on the virutal directory you have already created, in this case John > Click properties

    Click on the tab entitled Directory Security > There is a section called "Authentication and Access Control" click the button Edit in this section.

    By default it should be inheriting the settings from the parent members website, which would most likely allow annonymous access. Unclick this if this is the case.
    While in this screen also make sure you are using the Integrated Windows Authentication... you could use others too, but this is the easiest to setup right now. (essentially plug and play for an AD environment)

    Click okay and close out of the properties windows that are open.

    Make sure that only John and whomever should be able to view this directory have actual read permissions of this directory by going through windows explorer and manipulating the permissions (which by the sounds of it, you have already done)

    I hope this is what you need... Let us know if not.
    LVL 1

    Accepted Solution


    You almost correct, actually the solution to this problem is to remove the check in "allow inheritable permissions from the parent to propagate to this object"

    after that i can specify explicitly on the list who has the access to hat website through IIS.

    thanks to all anyway for replying and giving comments on this thread.

    LVL 2

    Expert Comment

    np, have a good night!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
    Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now