Microsoft KB Archive/296662

= FP2000: Everyone Has Full Administrator Privileges to FrontPage Web =

Article ID: 296662

Article Last Modified on 1/7/2006

-

APPLIES TO


 * Microsoft FrontPage 2000 Standard Edition

-



This article was previously published under Q296662



SYMPTOMS
In Microsoft FrontPage, when you open a Web that resides on a Microsoft Internet Information Services (IIS) computer, you may not be prompted to enter your user name and password as expected. Instead, you have full administrator privileges to the Web, even though your user account specifies otherwise.



CAUSE
This behavior can occur if any of the following conditions are true about the default anonymous user account, IUSR_, which is created by IIS:
 * The account is a member of the Microsoft Windows NT or Microsoft Windows 2000 Administrators group.

-or-
 * The account is replaced by the Administrator account or a member of the Administrators group as the anonymous user account in IIS.

-or-
 * The account is granted Administer permissions to the Web in FrontPage.

If the IUSR_ account has Administer permissions, users who access the Web do not receive a user name and password message. As a result, they can browse, modify the contents of the files, and fully administer the Web in FrontPage. FrontPage grants administrator access by default to all members of the Administrators group and the System account.



RESOLUTION
In Windows NT or Windows 2000, remove (if present) the Everyone group and the IUSR_ user account from the Administrators group.

To do this, follow these steps:
 * 1) If you are running Windows 2000, click Start, point to Programs, point to Administrative Tools, and then click Computer Management. Double-click Local Users and Groups, click Groups, and then double-click Administrators.

If you are running Windows NT, click Start, point to Programs, point to Administrative Tools, and then click User Manager. Under Groups, double-click Administrators.
 * 1) Under Members, click Everyone, and then click Remove. Repeat this step to remove the IUSR_  user account from the Administrators group.

In IIS, verify that IUSR_ is set as the account used for anonymous access to the Web site.

To do this, follow these steps:
 * 1) On the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager or open the custom Microsoft Management Console (MMC) that contains the IIS snap-in.
 * 2) Right-click the appropriate Web site, click Properties, and then click the Directory Security tab.
 * 3) Under Anonymous access and authentication control, click Edit, and then click Edit under Anonymous access.
 * 4) In the Username box, remove (if present) the Administrator or any user that is a member of the Administrators group, click Browse to select IUSR_ , and then click OK.

In FrontPage, check the permissions that the IUSR_ account and the Everyone group have for access to the Web. If you want users to have &quot;read&quot; access to the Web, configure the IUSR_ user account and the Everyone group with Browse permissions.

To do this, follow these steps:
 * 1) Start FrontPage, and then open the Web.
 * 2) On the Tools menu, point to Security, and then click Permissions.
 * 3) Click the Users tab, select IUSR_ , and then click Edit. Under User can, click Browse.
 * 4) Click Apply, and then click OK.
 * 5) Click the Groups tab, select the Everyone group, and then click Edit. Under User can, select Browse.
 * 6) Click Apply, and then click OK.

If you want to have tighter security and do not want users to gain access to the Web in FrontPage, remove the IUSR_ account and the Everyone group from the Web.

To do this, follow these steps:
 * 1) Start FrontPage, and then open the Web.
 * 2) On the Tools menu, point to Security, and then click Permissions.
 * 3) Click the Users tab, select IUSR_ , and then click Remove.
 * 4) Click the Groups tab, select the Everyone group, and then click Remove.
 * 5) Click Apply, and then click OK.



MORE INFORMATION
For more information about FrontPage security, click Microsoft FrontPage Help on the Help menu, type permissions in the Office Assistant or the Answer Wizard, and then click Search to view the topics returned.

