blueonair
asked on
Sharepoint subsite permissions not working, how can I fix it and prevent unauthorized viewing?
We recently upgraded from 2003 to 2007. I restored an upgraded site collection with one subsite on our new MOSS server using stsadm. The subsite was an administration site that didn't allow access to anyone outside my team. Now everyone has access and can view everything. The problem is that even if I remove everyone - groups, all people, site permissions - a random test account I created and other users I've checked can still open the site and view anything they click on. I broke permissions from the parent site (which never should have existed) but still when I create groups or change permissions within the subsite, the change is also added to the parent site and vice versa but has no real effect on actual permissions.
Taking another direction, I tried creating a new subsite without inheriting during creation but the problem still exists. Any random user can view the site's content. Anonymous access is disabled and Authenticated users are NOT added. I removed them from the parent site as well which seemingly did nothing for either site. Could this have something to do with all users being listed under "All People" after restoring the parent site? Is there a way to remove all users and any ties in the database to start fresh?
Taking another direction, I tried creating a new subsite without inheriting during creation but the problem still exists. Any random user can view the site's content. Anonymous access is disabled and Authenticated users are NOT added. I removed them from the parent site as well which seemingly did nothing for either site. Could this have something to do with all users being listed under "All People" after restoring the parent site? Is there a way to remove all users and any ties in the database to start fresh?
ASKER
Thanks for your response Steve, unfortunately I've tried to remove everyon from Site Permissions. Even if the list is empty I can login using another laptop with a different user and browse right to the admin site and start clicking through the lists and documents. I can't make changes but that's besided the point. I know what it should do, and that works when i create a new site collection but somehow it seems broken with this site collection. If I add someone from my team and change their permissions from modify to read-only, the permission takes affect, but for someone who isn't listed, they still have read access. I've also tried explicitely removing access to certain lists to all but myself and I have no luck. Other users can still see the contents. Any other ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I found an entry for authenticated users (all zones) with full read access. If that gives all users access by default then i don't understand why when I created new site collections in the past, i still needed to add authenticated users before anyone was able to access the site. My only thought is that this was created when our overseas offices implemented Search globally. Now I hope that it's not broken but when i remove this it works! ACESS DENIED. Thanks for you help,
ASKER
Home run on the second pitch. I researched this all day and didn't once see something about Policy for Web Apps.
SharePoint security is fairly straight forward. If they didn't have permissions they would not be able to see anything, period. its not a problem with the system, you without a doubt still have users with permissions somewhere still. It exists either on the site, or somehow at a level higher up they got WAY more permissions then they should and can see the sub site.