Microsoft KB Archive/236464

= How To Restrict Users and Groups in FrontPage 2000 on IIS =

Article ID: 236464

Article Last Modified on 8/15/2007

-

APPLIES TO


 * Microsoft FrontPage 2000 Server Extensions

-



This article was previously published under Q236464



SUMMARY
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

In FrontPage 2000, you can set up a single user and group list for each FrontPage Web. When FrontPage administrators use the FrontPage client to set permissions for Web administrators, authors, and site visitors, they cannot see the entire list of Windows NT accounts and groups. This allows you to protect the confidentiality of your user community.



MORE INFORMATION
To enable restricted Windows NT account lists, you must complete the following steps:
 * 1) Add the FrontPage registry key that indicates you want to restrict Windows NT account lists.
 * 2) In the Windows NT User Manager create the group(s) to contain the account list(s) you want to use. This group must follow the naming conventions outlined later. Groups can be created for both a FrontPage extended root or for subwebs.
 * 3) Add the users and/or groups you want to use to the group you created.

Setting the Registry Key
Restricted Windows NT account lists can be enabled for either all virtual servers on the Internet Information server (IIS), or for individual virtual servers.

To enable globally, set the value of the following registry key to 1: HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\All Ports\RestrictIISUsersAndGroups To enable for individual virtual servers, set the value of the following registry key to 1: HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Web Server Extensions\Ports\Port [port name]\RestrictIISUsersAndGroups

Naming the Restricted Group
When user and group restrictions are enabled for a FrontPage extended Web, then the extensions look for the group by the following convention:   FP_[VirtualServer][_Directories][_Subweb] On an IIS 3.0 Server, [VirtualServer] is the server's IP address and port number combination, and [_Directories][_Subweb] is the URL of the subweb. For example, FP_172.17.123.255:80 would be the group for the root of the Web server at that IP address.

On an IIS 4.0 Server, [Virtual Server] can be of the form /LM/W3SVC/N, where N is an instance number. An example of this form for a root Web is FP_/LM/W3SVC/1. An example for a subweb of this virtual server is FP_/LM/W3SVC/1_MySubWeb. Another variation of this form is to use the host name. For a root Web, an example is FP_www.microsoft.com:80, and for a subweb, FP_www.microsoft.com:80_MySubWeb. On a single-hosted computer, [Virtual Server] could be configured as the port number, as in FP_80. The other IIS 4.0 options will work in this case as well.

On an IIS 5.0 Server, [VirtualServer] can be of the form LM_W3SVC_N, where N is an instance number. An example of this form for a root web is FP_LM_W3SVC_1. An example for a subweb of this virtual server is FP_LM_W3SVC_1_MySubWeb.

If restrictions are enabled on a subweb but no local group is defined, the FrontPage Server Extensions look for the group of the parent Web and use it, if it exists. This is repeated recursively if the subweb is nested within another subweb. If no appropriately named group is found, then no restriction is placed on permissions.

Additional query words: frontpage

Keywords: kbhowto KB236464

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.