Microsoft KB Archive/200193

= How To Restrict IIS 3.0 Users and Groups in FrontPage98 =

Article ID: 200193

Article Last Modified on 10/25/2001

-

APPLIES TO


 * Microsoft FrontPage 98 Standard Edition

-



This article was previously published under Q200193



SUMMARY
To protect your server's Security Accounts Manager (SAM) database, you can hide the list of Windows NT Group and User accounts that are visible in FrontPage.

This article describes the steps necessary to hide your Windows NT Groups and Users.



MORE INFORMATION
When you want to restrict the Users and Groups displayed in FrontPage Permissions, do the following:

Note: You must have Administrator Privileges on the computer running Windows NT Server in order to perform the steps below.

 Use the User Manager for Domains to create a Local Windows NT Group. For IIS 2.0 and 3.0 with single hosted computer, create a group called "FP_ServiceName" (without the quotation marks), where ServiceName is the IP address and port number combination. If it is a single-hosted computer, the ServiceName will be the port number only. Edit the Frontpg.ini file to include the following line in the [FrontPage 3.0] section:

RestrictIISUsersAndGroups=1



The settings described in step 2 are global to the Web server. This means that the ability to restrict groups is global for all virtual servers and all subwebs on that server. On a multihosted computer, you can set this individually by server. To do this, follow the steps below:  In the User Manager for Domains, create a Local Windows NT Group. For IIS 2.0 and 3.0 with a multihosted server, create a group called "FP_ServiceName" (without the quotation marks). Edit the Frontpg.ini file to include the following line in the [Ports] section:

RestrictIISUsersAndGroups=1



By using this setting, FrontPage will only see one or none of the Windows NT Groups, rather than all that are available. The Group that FrontPage looks for is the special Group that you will create in step 1. If you have subwebs and want to restrict access to the security accounts for only the subweb, you should create a group for the subweb. This special group should be named in the following format:

FP_ServiceName_[SubWeb]

If you are only using a root Web, exclude the [_Subweb] setting. In other words, your Windows NT Group should be named "FP_ServiceName" for the root Web.

