Windows Server 2000/2003 Thread, IIS access by group? in Technical; The teachers have requested access to the student folders from off site.
"Sure thing." I say before I snicker at ...
30th January 2009, 12:09 AM #1
IIS access by group?
The teachers have requested access to the student folders from off site.
"Sure thing." I say before I snicker at their ignorance about all things computerish as they walk away.
These student folder are divided up by graduation year, then by student. Teachers have read/write access to all files. Students have access to their grade year as read, and read/write access to their folder.
I set up IIS on the file server, made the root of the student folders home to IIS, (no index.php or html, so they can just lok at the folders/files for now).
I then went to the Authentication Access Controll in IIS and removed anon user and added Digest Authent for windows domain... Went back to the site and it requires me to add my user/pass..
I then logged out, and was also able to log in as a student and see the same as a teacher. (So they could technically cheat by looking at other students files.)
I do have the teachers and students into seperate groups on the domain however, so is there a way to only give access to the Teachers group in IIS?
30th January 2009, 12:33 AM #2
If the site is using windows authentication and is logged in as the student then NTFS permissions will apply. I would check out if the same student account is able to view the file listing directly by mapping a drive to the UNC path using student credentials.
I would have serious doubts about opening this to the outside world without at least SSL on top of the windows authentication as otherwise all of the files and even authentication can be sent in plain text which is exceptionally insecure.
You may be able to lock it down a bit more with a web.config file in the root folder that they are presented with first or on subsiquent high level folders:
Last edited by SYNACK; 30th January 2009 at 12:46 AM.
Thanks to SYNACK from:
jmair (3rd February 2009)
3rd February 2009, 07:29 PM #3
Thank you kindly! I'll test that out today.
3rd February 2009, 07:49 PM #4
I would't expose your server like that it isn't secure. I would use a SSL-VPN solution with a webinterface like SonicWall or Cisco VPN
3rd February 2009, 08:46 PM #5
Why "snicker at their ignorance"? From what you've written they've not shown any ignorance - they've asked for something perfectly reasonable (given that they already have that access inside school, why shouldn't they have it outside school? It's possible to argue that teachers shouldn't have blanket access at all but that doesn't seem to be the point you're making)
Originally Posted by jmair
Last Post: 22nd May 2008, 05:36 PM
Last Post: 31st May 2007, 05:15 PM
By ryan_powell in forum How do you do....it?
Last Post: 18th October 2006, 11:38 AM
By timbo343 in forum Windows
Last Post: 13th October 2006, 03:23 PM
By ryan_powell in forum Web Development
Last Post: 9th September 2006, 09:48 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread