Microsoft KB Archive/252769

From BetaArchive Wiki
Knowledge Base


Article ID: 252769

Article Last Modified on 2/28/2007



APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Internet Information Services 5.0



This article was previously published under Q252769

SYMPTOMS

After you upgrade your computer to Windows 2000, you may no longer be able to edit Microsoft FrontPage and Microsoft Visual InterDev files. You can create pages and save them to your server in the Wwwroot folder, but you cannot edit them.

This problem can occur on computers upgraded to Windows 2000 from Microsoft Windows NT 4.0 running Internet Information Server (IIS) 4.0 (installed with all default settings). This behavior only occurs if the drive containing the Wwwroot folder is converted from FAT to NTFS during the upgrade.

CAUSE

This behavior occurs because inheritable permissions are set incorrectly on the Wwwroot folder.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack




WORKAROUND

To work around this behavior, manually change the NTFS permissions on the Wwwroot folder.

STATUS

Microsoft has confirmed that this is a problem in Microsoft Windows 2000. This problem was first corrected in Windows 2000 Service Pack 1.

MORE INFORMATION

For additional information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the article number below to view the article in the Microsoft Knowledge Base:

249149 Installing Microsoft Windows 2000 and Windows 2000 Hotfixes


The InetPub folder (and all the files and folders in this folder) receives an inheritable access control list (ACL) that gives Everyone Full Control, and it receives non-inheritable access control entries (ACEs) that give Administrators and System Full Control.

When the FrontPage server extensions are upgraded, the permissions on the InetPub\Wwwroot folder are changed from Full Control to Read for the Everyone ACE, because giving Everyone Full Control permissions on content that can be remotely authored creates a security hole.

This leaves the ACL on the Wwwroot folder as Everyone:Read (inheritable) and Administrators and System with Full Control permissions, but not inheritable. Any new files or folders that are added to the Wwwroot folder at this point receive only the inheritable Everyone:Read ACE (which means that after the files/folders are created, they cannot be edited).

After the upgrade, if you lock down the Program Files folder so non-administrators cannot write to it, you may create a similar problem. Any folder that has these non-inheritable ACEs for Administrators and System is broken after a user decides to tighten the permissions on the folder by changing Everyone (or in some cases, Power Users) to Read-only permissions. You can add new files to the folder, but you cannot edit or upgrade after that. For example, if you restrict permissions on the Program Files folder, you can install a new product as an Administrator because you are able to create files in the Program Files folder, but you cannot upgrade the program because you do not have write permissions to the files after you create them.

Keywords: kbbug kbenv kbfix kbqfe kbwin2000sp1fix KB252769