Access Control List Settings

---

Microsoft Corporation

Updated April 15, 1999

The Microsoft® FrontPage® Server Extensions administration tools — the Fpsrvadm and Fpremadm utilities, the FrontPage Server Extensions MMC Snap-in, and the FrontPage Server Extensions HTML Administration Forms — modify the ACLs for files and folders when the administrator of a FrontPage-extended web uses these tools. Also, the FrontPage client sets ACLs at authoring time. For example, when an author creates a new folder or page in a FrontPage-extended web, the FrontPage client sets the ACLs on the new page or folder.

The set of ACLs for a FrontPage-extended web is listed in the following table. The first column identifies the type of folder or file on which the ACLs are set. The second column describes the ACL setting on that file or folder. The third column applies only to folders. It describes the ACL settings for new content that is created in that folder by an author or administrator who is using the FrontPage client.

Table 1 Permissions for the Content of a FrontPage-extended web on Microsoft Internet Information Server (IIS)

Web folder or content	Access control list setting	Setting on new content created within the folder
Top-level folder of root web or subweb	site visitors: read, execute authors: read, execute, write, delete administrators: read, execute, write, delete, change permissions	site visitors: read authors: read, write, delete administrators: read, write, delete, change permissions
A folder of a web below the top-level folder	site visitors: read authors: read, execute, write, delete administrators: read, execute, write, delete, change permissions	site visitors: read authors: read, write, delete administrators: read, write, delete, change permissions
Executable folder	Making a folder executable does not change the current ACL.	Making a folder executable adds execute permissions for site visitors, authors, and administrators to the current ACL.
Folder containing form results	If a folder contains discussion group or database form handler results, FrontPage adds write permissions for site visitors to the current ACL.	If a folder contains discussion group or database form handler results, FrontPage adds write permissions for site visitors to the current ACL.
FrontPage _vti_pvt folder	site visitors: read, execute, write, delete authors: read, execute, write, delete administrators: read, execute, write, delete, change permissions	site visitors: read, write, delete authors: read, write, delete administrators: read, write, delete, change permissions
FrontPage _vti_log folder	site visitors: read, execute, write, delete authors: read, execute, write, delete administrators: read, execute, write, delete, change permissions	site visitors: read, write, delete authors: read, write, delete administrators: read, write, delete, change permissions
FrontPage _vti_txt folder	site visitors: read, execute, write, delete authors: read, execute, write, delete administrators: read, execute, write, delete, change permissions	site visitors: read, write, delete authors: read, write, delete administrators: read, write, delete, change permissions
content files	site visitors: read authors: read, write, delete administrators: read, write, delete, change permissions	-
Files in folder containing form results	Adds write permissions for site visitors to the current ACL.	-

 

When an administrator sets the ACLs for a FrontPage-extended web using the FrontPage client's Permissions command, FrontPage displays the Microsoft Windows NT® computer account list by default. You can set up a restricted list of users and groups that does not expose the entire contents of the Windows NT computer and domain account lists. This lets you protect the confidentiality of your user community. For details, see "Restricting Windows NT Account Lists."

Notes

• FrontPage grants full control to all files (all) (all) for members of the Windows NT Administrators group and the SYSTEM account.
• FrontPage adds execute permissions for site visitors, authors, and administrators to folders that are marked with an executable virtual root. The execute permission is allowed only if the Allow authors to upload executables check box is selected in the Properties dialog box for the FrontPage-extended web. See "FrontPage MMC Snap-in" for details. If this setting is off for a FrontPage-extended web (which is the default), execute permissions will never be applied, and the default content permissions will be used even if the directory is marked as executable. In IIS 2.0 and IIS 3.0, the execute permission affects all files in a directory, including DLLs, executable files, and interpreted scripts such as .asp and .pl files. On IIS 4.0 and later, the execute permission affects only DLLs and executable files, and, depending on the server configuration, may not affect interpreted script files.
• The form results folder setting is used by FrontPage only on files that contain the results of a form that uses the default form handler. For a discussion form handler, this setting is placed on the directory for that discussion.
• If the Anonymous browsing allowed check box is selected in the FrontPage client's Permissions dialog box, anonymous browsing for a web is implemented. This is done by adding the anonymous account IUSR_machinename, with read permission, to the ACLs for all files in the web.