This appendix lists the detailed, minimum file permission settings that must be in place for FrontPage to perform as designed. Any reference to shtml.dll, author.dll, or admin.dll applies equally to their CGI counterparts: shtml.exe, author.exe, and admin.exe on IIS 1.x servers. FrontPage only edits ACLs, it never affects the permissions of any accounts not listed below on any files.
The FrontPage 98 Server Administrator (fpsrvwin.exe) has a "Check and Fix" button that can correct problems in NTFS permissions. The following is list of files shows the minimum permissions required for FrontPage. This feature will set the file permissions to those listed below but will not correct:
\WINNT\frontpg.ini
| INTERACTIVE | Read (R) |
| NETWORK | Read (R) |
\WINNT\system\fp30utl.dll
| INTERACTIVE | Read (RX)(RX) |
| NETWORK | Read (RX)(RX) |
\WINNT\system\fp30txt.dll
| INTERACTIVE | Read (RX)(RX) |
| NETWORK | Read (RX)(RX) |
\WINNT\system\fp30wel.dll
| INTERACTIVE | Read (RX)(RX) |
| NETWORK | Read (RX)(RX) |
\WINNT\system32\infoadmn.dll
| INTERACTIVE | Read (RX)(RX) |
| NETWORK | Read (RX)(RX) |
\WINNT\system32\mfc42.dll
| INTERACTIVE | Read (RX)(RX) |
| NETWORK | Read (RX)(RX) |
\WINNT\system32\msvcirt.dll
| INTERACTIVE | Read (RX)(RX) |
| NETWORK | Read (RX)(RX) |
\WINNT\system32\msvcrt.dll
| INTERACTIVE | Read (RX)(RX) |
| NETWORK | Read (RX)(RX) |
\WINNT\system32\netapi32.dll
| INTERACTIVE | Read (RX)(RX) | |
| NETWORK | Read (RX)(RX) | |
\WINNT\system32\netrap.dll
| INTERACTIVE | Read (RX)(RX) |
| NETWORK | Read (RX)(RX) |
\WINNT\system32\rpcltc1.dll
| INTERACTIVE | Read (RX)(RX) |
| NETWORK | Read (RX)(RX) |
\WINNT\system32\samlib.dll
| INTERACTIVE | Read (RX)(RX) |
| NETWORK | Read (RX)(RX) |
\WINNT\system32\wsock32.dll
| INTERACTIVE | Read (RX)(RX) |
| NETWORK | Read (RX)(RX) |
The FrontPage installation directory defaults to C:\Program Files\Microsoft FrontPage, but the directory can be changed by the user during the installation process.
\Microsoft FrontPage\version3.0\servsupp\
| INTERACTIVE | Read (RX)(RX) |
| NETWORK | Read (RX)(RX) |
\Microsoft FrontPage\version3.0\servsupp\fp30msft.dll
| INTERACTIVE | Read (RX) |
| NETWORK | Read (RX) |
\Microsoft FrontPage\version3.0\servsupp\servers.cnf
| INTERACTIVE | Special Access (R) |
| NETWORK | Special Access (R) |
\Microsoft FrontPage\version3.0\bin\
| INTERACTIVE | List (RX)(Not Specified) |
| NETWORK | List (RX)(Not Specified) |
\Microsoft FrontPage\version3.0\bin\fp30vss.dll
| INTERACTIVE | Read (RX) |
| NETWORK | Read (RX) |
\Microsoft FrontPage\version3.0\bin\fpext*.msg
These files are only present for multi-language support, and are not normally present in an English installation of the FrontPage Server Extensions.
| INTERACTIVE | Read (RX) |
| NETWORK | Read (RX) |
\Microsoft FrontPage\version3.0\isapi\
| INTERACTIVE | Read (RX)(RX) |
| NETWORK | Read (RX)(RX) |
\Microsoft FrontPage\version3.0\isapi\_vti_bin
| INTERACTIVE | Read (RX)(RX) |
| NETWORK | Read (RX)(RX) |
\Microsoft FrontPage\version3.0\isapi\_vti_bin\shtml.dll
| INTERACTIVE | Read (RX) |
| NETWORK | Read (RX) |
\Microsoft FrontPage\version3.0\isapi\_vti_bin\_vti_adm\
| INTERACTIVE | Read (RX)(RX) |
| NETWORK | Read (RX)(RX) |
\Microsoft FrontPage\version3.0\isapi\_vti_bin\_vti_adm\admin.dll
| INTERACTIVE | Read (RX) |
| NETWORK | Read (RX) |
\Microsoft FrontPage\version3.0\isapi\_vti_bin\_vti_aut\
| INTERACTIVE | Read (RX)(RX) |
| NETWORK | Read (RX)(RX) |
\Microsoft FrontPage\version3.0\isapi\_vti_bin\_vti_aut\author.dll
| INTERACTIVE | Read (RX) |
| NETWORK | Read (RX) |
\Microsoft FrontPage\version3.0\temp\
| INTERACTIVE | Special Access (RWX)(RWX) |
| NETWORK | Special Access (RWX)(RWX) |
\Microsoft FrontPage\version3.0\temp\frontpg.lck
| INTERACTIVE | Special Access (RW) |
| NETWORK | Special Access (RW) |
"Check Installation" on an existing FrontPage web will only affect the following files and directories in the web content root area - it will not make any adjustment to NTFS permissions in FrontPage sub webs unless the "tighten permissions" option is chosen. The minimum level of permissions required in FrontPage sub-webs will be set during the "tighten permissions" option. In addition to the permissions listed below, browsers will need READ permissions to shtml.dll, authors will need READ permissions to author.dll, and administrators will need READ permissions to admin.dll. This listing assumes a web content area of \inetpub\wwwroot.
\inetpub
All directories enclosing the content root will grant LIST permissions to these accounts.
| INTERACTIVE | List (RX)(Not Specified) |
| NETWORK | List (RX)(Not Specified) |
\inetpub\wwwroot
| INTERACTIVE | List (RX)(Not Specified) |
| NETWORK | List (RX)(Not Specified) |
\inetpub\wwwroot\_vti_pvt
| INTERACTIVE | Special Access (RWXD)(RWD) |
| NETWORK | Special Access (RWXD)(RWD) |
\inetpub\wwwroot\_vti_pvt\botinfs.cnf
| INTERACTIVE | Special Access (R) |
| NETWORK | Special Access (R) |
\inetpub\wwwroot\_vti_pvt\bots.cnf
| INTERACTIVE | Special Access (R) |
| NETWORK | Special Access (R) |
\inetpub\wwwroot\_vti_pvt\services.cnf
| INTERACTIVE | Special Access (R) |
| NETWORK | Special Access (R) |
\VSS\win32\ssapi.dll
This file's security settings are modified only if Visual SourceSafe 5 is installed.
| INTERACTIVE | (RX) |
| NETWORK | (RX) |
\VSS\win32\ssxx.dll
This file's security settings are modified only if Visual SourceSafe 5 is installed. The xx value is the country code, and ssus.dll is the default if no other country code is present.
| INTERACTIVE | (RX) |
| NETWORK | (RX) |
The following list is of additional file permissions assigned when FrontPage is installed. Add the following list to the list above for the complete picture of the effect of FrontPage installation on the server. This list assumes that the built in Windows NT groups "Administrators" and "SYSTEM" already have full control over the entire drive, and that the IUSR_<hostname> account is granted READ access to the web content before FrontPage is installed.
FrontPage will assume any account with READ access to the web content will need continued access after installation. Such accounts will become end users of the web content. IUSR_<hostname> is only granted access in the list below if it had access to the files at installation time. You can substitute "all user accounts with read access to the web content" in place of IUSR_<hostname>. Regardless of what level access these accounts were assigned prior to installation, they will be normalized to the access levels described below by the installation process.
FrontPage will assign "Administrators" and "SYSTEM" full control everywhere.
The installing account is explicitly given Admin rights throughout the content area even though they are already an admin. You must be a Windows NT Administrator to successfully run the FrontPage Server Administrator.
The FrontPage installation directory defaults to C:\Program Files\Microsoft FrontPage, but the directory can be changed by the user during the installation process.
\Microsoft FrontPage\temp\_x_todo.htm
| INTERACTIVE | Special Access (RWX) |
| NETWORK | Special Access (RWX) |
\inetpub\wwwroot\
| IUSR_<host_name> | Special Access (RWXD) (RWD) |
| The Installing Account | Special Access (RWXD) (RWD) |
All Browseable Content
| IUSR_<host_name> | Special Access (RX)(R) |
| The Installing Account | Special Access (RWXD) (RWD) |
\inetpub\wwwroot\_vti_log\
| IUSR_<host_name> | Special Access (RWXD) (RWD) |
| The Installing Account | Special Access (RWXD) (RWD) |
\inetpub\wwwroot\_vti_pvt\
| IUSR_<host_name> | Special Access (RWXD) (RWD) |
| The Installing Account | Special Access (RWXD) (RWD) |
\inetpub\wwwroot\_vti_pvt\access.cnf
| IUSR_<host_name> | Special Access (RWD) |
| The Installing Account | Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\doctodep.btr
| IUSR_<host_name> | Special Access (RWD) |
| The Installing Account | Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\deptodoc.btr
| IUSR_<host_name> | Special Access (RWD) |
| The Installing Account | Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\linkinfo.cnf
| IUSR_<host_name> | Special Access (RWD) |
| The Installing Account | Special Access (RWD) |
| INTERACTIVE | Special Access (RWD) |
| NETWORK | Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\service.cnf
| IUSR_<host_name> | Special Access (RWD) |
| The Installing Account | Special Access (RWD) |
| INTERACTIVE | Special Access (RWD) |
| NETWORK | Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\services.org
| IUSR_<host_name> | Special Access (RWD) |
| The Installing Account | Special Access (RWD) |
| INTERACTIVE | Special Access (RWD) |
| NETWORK | Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\structure.cnf
| IUSR_<host_name> | Special Access (RWD) |
| The Installing Account | Special Access (RWD) |
| INTERACTIVE | Special Access (R) |
| NETWORK | Special Access (R) |
\inetpub\wwwroot\_vti_pvt\svcacl.cnf
| IUSR_<host_name> | Special Access (RWD) |
| The Installing Account | Special Access (RWD) |
| INTERACTIVE | Special Access (RWD) |
| NETWORK | Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\uniqperm.cnf
| IUSR_<host_name> | Special Access (RWD) |
| The Installing Account | Special Access (RWD) |
| INTERACTIVE | Special Access (RWD) |
| NETWORK | Special Access (RWD) |
\inetpub\wwwroot\_vti_txt\
| IUSR_<host_name> | Special Access (RWXD) (RWD) | |
| The Installing Account | Special Access (RWXD) (RWD) | |
| INTERACTIVE | Special Access (RWXD) (Not Specified) | |
| NETWORK | Special Access (RWXD) (Not Specified) | |
\inetpub\wwwroot\_vti_bin\
| IUSR_<host_name> | Read (RX)(RX) |
| The Installing Account | Read (RX)(RX) |
| INTERACTIVE | List (RX) (Not Specified) |
| NETWORK | List (RX) (Not Specified) |
\inetpub\wwwroot\_vti_bin\shtml.dll
| IUSR_<host_name> | Read (RX) |
| The Installing Account | Read (RX) |
\inetpub\wwwroot\_vti_bin\_vti_aut\
| The Installing Account | Read (RX)(RX) |
\inetpub\wwwroot\_vti_bin\_vti_aut\author.dll
| The Installing Account | Read (RX) |
\inetpub\wwwroot\_vti_bin\_vti_adm\
| The Installing Account | Read (RX)(RX) |
\inetpub\wwwroot\_vti_bin\_vti_adm\admin.dll
| The Installing Account | Read (RX) |
\inetpub\wwwroot\_vti_bot\
| The Installing Account | Read (RX) |
| NETWORK | Special Access (RX) (RX) |
| INTERACTIVE | Special Access (RX) (RX) |
\inetpub\wwwroot\_vti_cnf\
| IUSR_<host_name> | Special Access (RX) (R) |
| The Installing Account | Special Access (RWXD) (RWD) |
\inetpub\wwwroot\_private\
| IUSR_<host_name> | Special Access (RX) (R) |
| The Installing Account | Special Access (RWXD) (RWD) |