HOWTO: Restrict Users and Groups in FrontPage 2000 on IIS

ID: Q236464

The information in this article applies to:
  • Microsoft FrontPage 2000 Server Extensions

SUMMARY

IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.

In FrontPage 2000, you can set up a single user and group list for each FrontPage Web. When FrontPage administrators use the FrontPage client to set permissions for Web administrators, authors, and site visitors, they cannot see the entire list of Windows NT accounts and groups. This allows you to protect the confidentiality of your user community.


MORE INFORMATION

This information is taken from the Security section of the Server Extensions Resource Kit, and can be found online at:

http://officeupdate.microsoft.com/frontpage/wpp/serk/scwin_7.htm
To enable restricted Windows NT account lists, you must complete the following steps:
  1. Add the FrontPage registry key that indicates you want to restrict Windows NT account lists.


  2. In the Windows NT User Manager create the group(s) to contain the account list(s) you want to use. This group must follow the naming conventions outlined later. Groups can be created for both a FrontPage extended root or for subwebs.


  3. Add the users and/or groups you want to use to the group you created.


Setting the Registry Key

Restricted Windows NT account lists can be enabled for either all virtual servers on the Internet Information server (IIS), or for individual virtual servers.
To enable globally, set the value of the following registry key to 1: 

HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server
Extensions\All Ports\RestrictIISUsersAndGroups
To enable for individual virtual servers, set the value of the following registry key to 1: 

HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server
Extensions\Ports\Port [port name]\RestrictIISUsersAndGroups

Naming the Restricted Group

When user and group restrictions are enabled for a FrontPage extended Web, then the extensions look for the group by the following convention: 

   FP_[VirtualServer][_Directories][_Subweb]
On an IIS 3.0 Server, [VirtualServer] is the server's IP address and port number combination, and [_Directories][_Subweb] is the URL of the subweb. For example, FP_172.17.123.255:80 would be the group for the root of the Web server at that IP address.

On an IIS 4.0 Server, [Virtual Server] can be of the form /LM/W3SVC/N, where N is an instance number. An example of this form for a root Web is FP_/LM/W3SVC/1. An example for a subweb of this virtual server is FP_/LM/W3SVC/1_MySubWeb. Another variation of this form is to use the host name. For a root Web, an example is FP_www.microsoft.com:80, and for a subweb, FP_www.microsoft.com:80_MySubWeb. On a single-hosted computer, [Virtual Server] could be configured as the port number, as in FP_80. The other IIS 4.0 options will work in this case as well.

If restrictions are enabled on a subweb but no local group is defined, the FrontPage Server Extensions look for the group of the parent Web and use it, if it exists. This is repeated recursively if the subweb is nested within another subweb. If no appropriately named group is found, then no restriction is placed on permissions.

Additional query words: frontpage

Keywords : kbFrontPage fpse2000 kbFrontPageX
Version : winnt:
Platform : winnt
Issue type : kbinfo


Last Reviewed: October 7, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.