• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1221
  • Last Modified:

Sharepoint subsite permissions not working, how can I fix it and prevent unauthorized viewing?

We recently upgraded from 2003 to 2007.  I restored an upgraded site collection with one subsite on our new MOSS server using stsadm.  The subsite was an administration site that didn't allow access to anyone outside my team.  Now everyone has access and can view everything.  The problem is that even if I remove everyone - groups, all people, site permissions - a random test account I created and other users I've checked can still open the site and view anything they click on.  I broke permissions from the parent site (which never should have existed) but still when I create groups or change permissions within the subsite, the change is also added to the parent site and vice versa but has no real effect on actual permissions.  

Taking another direction, I tried creating a new subsite without inheriting during creation but the problem still exists.  Any random user can view the site's content.  Anonymous access is disabled and Authenticated users are NOT added.  I removed them from the parent site as well which seemingly did nothing for either site.  Could this have something to do with all users being listed under "All People" after restoring the parent site?  Is there a way to remove all users and any ties in the database to start fresh?
0
blueonair
Asked:
blueonair
  • 3
  • 2
1 Solution
 
Steve_NJCommented:
Don't focus on "groups" and "all people", those show up in all sites regardless (and if you start deleting them you could jack up all your sites) but have no permissions if you don't give them out. what you need to do is just look at "site permissions" and see what is added there. if there is a group there, then see who is in the group etc.
SharePoint security is fairly straight forward. If they didn't have permissions they would not be able to see anything, period. its not a problem with the system, you without a doubt still have users with permissions somewhere still. It exists either on the site, or somehow at a level higher up they got WAY more permissions then they should and can see the sub site.
0
 
blueonairAuthor Commented:
Thanks for your response Steve, unfortunately I've tried to remove everyon from Site Permissions.  Even if the list is empty I can login using another laptop with a different user and browse right to the admin site and start clicking through the lists and documents.  I can't make changes but that's besided the point.  I know what it should do, and that works when i create a new site collection but somehow it seems broken with this site collection. If I add someone from my team and change their permissions from modify to read-only, the permission takes affect, but for someone who isn't listed, they still have read access.  I've also tried explicitely removing access to certain lists to all but myself and I have no luck.  Other users can still see the contents.  Any other ideas?
0
 
Steve_NJCommented:
It sounds like somehow they have permissions at a much higher level. Check in central admin as well in application settings, link for "policies for web application" ( i i think that is the one, but it is certainly one in that bunch of 4 or 5 links) see if somehow all authenticated users got added or something along that lines. If you can screenshot the permissions for the site/groups etc  for that site and the top level of the site collection that would also help.
0
 
blueonairAuthor Commented:
I found an entry for authenticated users (all zones) with full read access.  If that gives all users access by default then i don't understand why when I created new site collections in the past, i still needed to add authenticated users before anyone was able to access the site.  My only thought is that this was created when our overseas offices implemented Search globally.  Now I hope that it's not broken but when i remove this it works!  ACESS DENIED.  Thanks for you help,
0
 
blueonairAuthor Commented:
Home run on the second pitch.  I researched this all day and didn't once see something about Policy for Web Apps.
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now