How To Restrict IIS 3.0 Users and Groups in FrontPage98

ID: Q200193

The information in this article applies to:
  • Microsoft FrontPage 98 for Windows

SUMMARY

To protect your server's Security Accounts Manager (SAM) database, you can hide the list of Windows NT Group and User accounts that are visible in FrontPage.

This article describes the steps necessary to hide your Windows NT Groups and Users.


MORE INFORMATION

When you want to restrict the Users and Groups displayed in FrontPage Permissions, do the following:

Note: You must have Administrator Privileges on the computer running Windows NT Server in order to perform the steps below.

  1. Use the User Manager for Domains to create a Local Windows NT Group. For IIS 2.0 and 3.0 with single hosted computer, create a group called "FP_ServiceName" (without the quotation marks), where ServiceName is the IP address and port number combination. If it is a single-hosted computer, the ServiceName will be the port number only.


  2. Edit the Frontpg.ini file to include the following line in the [FrontPage 3.0] section:
    RestrictIISUsersAndGroups=1


The settings described in step 2 are global to the Web server. This means that the ability to restrict groups is global for all virtual servers and all subwebs on that server. On a multihosted computer, you can set this individually by server. To do this, follow the steps below:
  1. In the User Manager for Domains, create a Local Windows NT Group. For IIS 2.0 and 3.0 with a multihosted server, create a group called "FP_ServiceName" (without the quotation marks).


  2. Edit the Frontpg.ini file to include the following line in the [Ports] section:
    RestrictIISUsersAndGroups=1


By using this setting, FrontPage will only see one or none of the Windows NT Groups, rather than all that are available. The Group that FrontPage looks for is the special Group that you will create in step 1. If you have subwebs and want to restrict access to the security accounts for only the subweb, you should create a group for the subweb. This special group should be named in the following format:
FP_ServiceName_[SubWeb]
If you are only using a root Web, exclude the [_Subweb] setting. In other words, your Windows NT Group should be named "FP_ServiceName" for the root Web.


REFERENCES

For more information on restricting Windows NT Group and User accounts in IIS and FrontPage, please see the following Microsoft Web Site:

http://www.microsoft.com/frontpage/wpp/serk
At this site, do the following to locate this topic:
  1. Click the Appendices link from the menu on the left.


  2. Under "Windows NT and Internet Information Server (IIS) Information," click List of Frontpg.ini Settings.


  3. Click RestrictIISUsersAndGroups.


Additional query words: restrict groups limit accounts sam acl

Keywords : kbInternet
Version : WINDOWS:
Platform : WINDOWS
Issue type : kbhowto


Last Reviewed: March 19, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.