Windows Server 2000/2003 Thread, IIS access by group? in Technical
  1. #1
    jmair

    IIS access by group?

    The teachers have requested access to the student folders from off site.
    "Sure thing." I say before I snicker at their ignorance about all things computerish as they walk away.

    These student folders are divided up by graduation year, then by student. Teachers have read/write access to all files. Students have access to their grade year as read, and read/write access to their folder.

    I set up IIS on the file server, made the root of the student folders home to IIS (no index.php or html, so they can just look at the folders/files for now).
    Works great.

    I then went to the Authentication Access Control in IIS and removed anon user and added Digest Authent for Windows domain... Went back to the site and it requires me to add my user/pass.

    I then logged out, and was also able to log in as a student and see the same as a teacher. (So they could technically cheat by looking at other students files.)

    I do have the teachers and students in separate groups on the domain however, so is there a way to only give access to the Teachers group in IIS?

    Thanks!

  2. #2

    SYNACK
    If the site is using Windows authentication and is logged in as the student, then NTFS permissions will apply. I would check out if the same student account is able to view the file listing directly by mapping a drive to the UNC path using student credentials.

    I would have serious doubts about opening this to the outside world without at least SSL on top of the Windows authentication, as otherwise all of the files and even authentication can be sent in plain text, which is exceptionally insecure.

    http://www.authenticationtutorial.com/tutorial/

    You may be able to lock it down a bit more with a web.config file in the root folder that they are presented with first or on subsequent high level folders:

    http://www.velocityreviews.com/forum...icationgt.html
    Last edited by SYNACK; 29th January 2009 at 11:46 PM.
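
The web.config lockdown suggested above, as an added example that is not part of the original post: ASP.NET URL authorization that admits only the Teachers domain group. The domain name SCHOOL is a placeholder (assumption), and on IIS 6 these rules only cover requests that ASP.NET processes, so static files and directory listings stay governed by NTFS permissions alone unless a wildcard application mapping to aspnet_isapi.dll is configured.

```xml
<?xml version="1.0"?>
<!-- Added example: web.config placed in the root of the student folders site. -->
<configuration>
  <system.web>
    <!-- Reuse the identity IIS has already authenticated (Windows domain account). -->
    <authentication mode="Windows" />
    <authorization>
      <!-- Rules are evaluated from top to bottom; the first match wins. -->
      <!-- SCHOOL is a placeholder domain name; Teachers is the group named in the thread. -->
      <allow roles="SCHOOL\Teachers" />
      <!-- Everyone else, including authenticated students, is refused. -->
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
```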

  3. Thanks to SYNACK from:

    jmair (3rd February 2009)

  4. #3
    jmair
    Thank you kindly! I'll test that out today.

  5. #4

    FN-GM
    I wouldn't expose your server like that; it isn't secure. I would use an SSL-VPN solution with a web interface like SonicWall or Cisco VPN.

  6. #5

    Quote: Originally posted by jmair
    > The teachers have requested access to the student folders from off site.
    > "Sure thing." I say before I snicker at their ignorance about all things computerish as they walk away.
    >
    > These student folders are divided up by graduation year, then by student. Teachers have read/write access to all files. Students have access to their grade year as read, and read/write access to their folder.

    Why "snicker at their ignorance"? From what you've written they've not shown any ignorance - they've asked for something perfectly reasonable (given that they already have that access inside school, why shouldn't they have it outside school? It's possible to argue that teachers shouldn't have blanket access at all but that doesn't seem to be the point you're making).
