   Files and Permissions for Internet Information Server (IIS)

This appendix lists the detailed, minimum file permission
settings that must be in place for FrontPage to perform as
designed. Any reference to shtml.dll, author.dll, or admin.dll
applies equally to their CGI counterparts: shtml.exe,
author.exe, and admin.exe on IIS 1.x servers. FrontPage only
edits ACLs; it never affects the permissions of any accounts not
listed below on any files.

File Permissions Assigned by "Check Installation"

The FrontPage 98 Server Administrator (fpsrvwin.exe) has a
"Check and Fix" button that can correct problems in NTFS
permissions. The following list of files shows the minimum
permissions required for FrontPage. This feature will set the
file permissions to those listed below but will not correct:
  * Incorrect permission on data (e.g. HTML files)
  * Permissions on the root of the content drive
  * Permissions that are too lenient
  * Permissions on sub-webs
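
Because "Check and Fix" does not correct permissions that are too lenient, those have to be found by comparing observed ACLs against the minimums in this appendix. The sketch below is an added example, not part of the FrontPage documentation or tools: it parses the permission notation used in this listing and reports rights above or below the minimum for INTERACTIVE and NETWORK. It assumes the Windows NT 4 convention that the first parenthesized group is the access on the object itself and the second is the access given to new files in a directory; the function names and the observed entries are constructed for illustration.

```python
import re

ALL = set("RWXDPO")  # Read, Write, eXecute, Delete, change Permissions, take Ownership
NAMED = {"Not Specified": set(), "All": ALL}
ACCOUNTS = {"INTERACTIVE", "NETWORK"}

# Minimums for INTERACTIVE and NETWORK, copied from three entries of this appendix.
EXPECTED = {
    r"\inetpub\wwwroot": "List (RX)(Not Specified)",
    r"\inetpub\wwwroot\_vti_pvt": "Special Access (RWXD)(RWD)",
    r"\inetpub\wwwroot\_vti_pvt\services.cnf": "Special Access (R)",
}

OBSERVED = [  # constructed sample: (path, account, permission as displayed)
    (r"\inetpub\wwwroot", "INTERACTIVE", "List (RX)(Not Specified)"),
    (r"\inetpub\wwwroot", "NETWORK", "Change (RWXD)(RWXD)"),
    (r"\inetpub\wwwroot\_vti_pvt", "NETWORK", "Special Access (RX)(R)"),
    (r"\inetpub\wwwroot\_vti_pvt\services.cnf", "NETWORK", "Full Control (All)"),
]

def parse_rights(text):
    """Split 'Name (A)(B)' into [rights on the object, rights for new files]."""
    groups = re.findall(r"\(([^)]*)\)", text)
    if not groups:
        raise ValueError(f"no rights mask in {text!r}")
    masks = []
    for g in groups:
        mask = NAMED.get(g.strip(), set(g.strip()))
        if not mask <= ALL:
            raise ValueError(f"unknown rights {g!r}")
        masks.append(set(mask))
    return (masks + [set()])[:2]  # a file entry has no second mask

def audit(expected, observed):
    """Return (path, account, verdict, slot, letters) for every deviation."""
    findings = []
    for path, account, shown in observed:
        if path not in expected or account not in ACCOUNTS:
            continue  # only entries covered by the appendix are judged
        want, have = parse_rights(expected[path]), parse_rights(shown)
        for slot, w, h in zip(("object", "new files"), want, have):
            for verdict, diff in (("too lenient", h - w), ("below minimum", w - h)):
                if diff:
                    findings.append((path, account, verdict, slot, "".join(sorted(diff))))
    return findings

if __name__ == "__main__":
    for finding in audit(EXPECTED, OBSERVED):
        print(*finding, sep=" | ")
```

Entries reported as "below minimum" are the ones "Check and Fix" would repair; entries reported as "too lenient" need manual review.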

Windows NT directory

\WINNT\frontpg.ini

                    INTERACTIVE  | Read (R)

                      NETWORK  | Read (R)

\WINNT\system\fp30utl.dll

                  INTERACTIVE  | Read (RX)(RX)

                    NETWORK  | Read (RX)(RX)

\WINNT\system\fp30txt.dll

                  INTERACTIVE  | Read (RX)(RX)

                    NETWORK  | Read (RX)(RX)

\WINNT\system\fp30wel.dll

                  INTERACTIVE  | Read (RX)(RX)

                    NETWORK  | Read (RX)(RX)

\WINNT\system32\infoadmn.dll

                  INTERACTIVE  | Read (RX)(RX)

                    NETWORK  | Read (RX)(RX)

\WINNT\system32\mfc42.dll

                  INTERACTIVE  | Read (RX)(RX)

                    NETWORK  | Read (RX)(RX)

\WINNT\system32\msvcirt.dll

                  INTERACTIVE  | Read (RX)(RX)

                    NETWORK  | Read (RX)(RX)

\WINNT\system32\msvcrt.dll

                  INTERACTIVE  | Read (RX)(RX)

                    NETWORK  | Read (RX)(RX)

\WINNT\system32\netapi32.dll

                  INTERACTIVE  | Read (RX)(RX)

                    NETWORK  | Read (RX)(RX)

\WINNT\system32\netrap.dll

                  INTERACTIVE  | Read (RX)(RX)

                    NETWORK  | Read (RX)(RX)

\WINNT\system32\rpcltc1.dll

                  INTERACTIVE  | Read (RX)(RX)

                    NETWORK  | Read (RX)(RX)

\WINNT\system32\samlib.dll

                  INTERACTIVE  | Read (RX)(RX)

                    NETWORK  | Read (RX)(RX)

\WINNT\system32\wsock32.dll

                  INTERACTIVE  | Read (RX)(RX)

                    NETWORK  | Read (RX)(RX)

Microsoft FrontPage Installation Directory

The FrontPage installation directory defaults to C:\Program
Files\Microsoft FrontPage, but the directory can be changed by
the user during the installation process.

\Microsoft FrontPage\version3.0\servsupp\

                  INTERACTIVE  | Read (RX)(RX)

                    NETWORK  | Read (RX)(RX)

\Microsoft FrontPage\version3.0\servsupp\fp30msft.dll

                    INTERACTIVE  | Read (RX)

                      NETWORK  | Read (RX)

\Microsoft FrontPage\version3.0\servsupp\servers.cnf

                INTERACTIVE  | Special Access (R)

                  NETWORK  | Special Access (R)

\Microsoft FrontPage\version3.0\bin\

            INTERACTIVE  | List (RX)(Not Specified)

              NETWORK  | List (RX)(Not Specified)

\Microsoft FrontPage\version3.0\bin\fp30vss.dll

                    INTERACTIVE  | Read (RX)

                      NETWORK  | Read (RX)

\Microsoft FrontPage\version3.0\bin\fpext*.msg

These files are only present for multi-language support, and are
not normally present in an English installation of the FrontPage
Server Extensions.

                    INTERACTIVE  | Read (RX)

                      NETWORK  | Read (RX)

\Microsoft FrontPage\version3.0\isapi\

                  INTERACTIVE  | Read (RX)(RX)

                    NETWORK  | Read (RX)(RX)

\Microsoft FrontPage\version3.0\isapi\_vti_bin

                  INTERACTIVE  | Read (RX)(RX)

                    NETWORK  | Read (RX)(RX)

\Microsoft FrontPage\version3.0\isapi\_vti_bin\shtml.dll

                    INTERACTIVE  | Read (RX)

                      NETWORK  | Read (RX)

\Microsoft FrontPage\version3.0\isapi\_vti_bin\_vti_adm\

                  INTERACTIVE  | Read (RX)(RX)

                    NETWORK  | Read (RX)(RX)

\Microsoft FrontPage\version3.0\isapi\_vti_bin\_vti_adm\admin.dll

                    INTERACTIVE  | Read (RX)

                      NETWORK  | Read (RX)

\Microsoft FrontPage\version3.0\isapi\_vti_bin\_vti_aut\

                  INTERACTIVE  | Read (RX)(RX)

                    NETWORK  | Read (RX)(RX)

\Microsoft FrontPage\version3.0\isapi\_vti_bin\_vti_aut\author.dll

                    INTERACTIVE  | Read (RX)

                      NETWORK  | Read (RX)

\Microsoft FrontPage\version3.0\temp\

            INTERACTIVE  | Special Access (RWX)(RWX)

              NETWORK  | Special Access (RWX)(RWX)

\Microsoft FrontPage\version3.0\temp\frontpg.lck

               INTERACTIVE  | Special Access (RW)

                 NETWORK  | Special Access (RW)

Web Content Area

"Check Installation" on an existing FrontPage web will only
affect the following files and directories in the web content
root area; it will not make any adjustment to NTFS permissions
in FrontPage sub-webs unless the "tighten permissions" option is
chosen. The minimum level of permissions required in FrontPage
sub-webs will be set by the "tighten permissions" option. In
addition to the permissions listed below, browsers will need
READ permissions to shtml.dll, authors will need READ
permissions to author.dll, and administrators will need READ
permissions to admin.dll. This listing assumes a web content
area of \inetpub\wwwroot.

\inetpub

All directories enclosing the content root will grant LIST
permissions to these accounts.

            INTERACTIVE  | List (RX)(Not Specified)

              NETWORK  | List (RX)(Not Specified)

\inetpub\wwwroot

            INTERACTIVE  | List (RX)(Not Specified)

              NETWORK  | List (RX)(Not Specified)

\inetpub\wwwroot\_vti_pvt

            INTERACTIVE  | Special Access (RWXD)(RWD)

              NETWORK  | Special Access (RWXD)(RWD)

\inetpub\wwwroot\_vti_pvt\botinfs.cnf

                INTERACTIVE  | Special Access (R)

                  NETWORK  | Special Access (R)

\inetpub\wwwroot\_vti_pvt\bots.cnf

                INTERACTIVE  | Special Access (R)

                  NETWORK  | Special Access (R)

\inetpub\wwwroot\_vti_pvt\services.cnf

                INTERACTIVE  | Special Access (R)

                  NETWORK  | Special Access (R)

\VSS\win32\ssapi.dll

This file's security settings are modified only if Visual
SourceSafe 5 is installed.

                      INTERACTIVE  | (RX)

                        NETWORK  | (RX)

\VSS\win32\ssxx.dll

This file's security settings are modified only if Visual
SourceSafe 5 is installed. The xx value is the country code,
and ssus.dll is the default if no other country code is present.

                      INTERACTIVE  | (RX)

                        NETWORK  | (RX)

Additional File Permissions Assigned by Installation

The following list shows the additional file permissions assigned
when FrontPage is installed. Add it to the list above for the
complete picture of the effect of FrontPage installation on the
server. This list assumes that the built-in Windows NT groups
"Administrators" and "SYSTEM" already have full control over the
entire drive, and that the IUSR_<hostname> account is granted
READ access to the web content before FrontPage is installed.

FrontPage will assume any account with READ access to the web
content will need continued access after installation. Such
accounts will become end users of the web content.
IUSR_<hostname> is only granted access in the list below if it
had access to the files at installation time. You can substitute
"all user accounts with read access to the web content" in place
of IUSR_<hostname>. Regardless of what level access these
accounts were assigned prior to installation, they will be
normalized to the access levels described below by the
installation process.

FrontPage will assign "Administrators" and "SYSTEM" full control
everywhere.

The installing account is explicitly given Admin rights
throughout the content area even though it is already an
admin. You must be a Windows NT Administrator to successfully
run the FrontPage Server Administrator.

Microsoft FrontPage Installation Directory

The FrontPage installation directory defaults to C:\Program
Files\Microsoft FrontPage, but the directory can be changed by
the user during the installation process.

\Microsoft FrontPage\temp\_x_todo.htm

              INTERACTIVE  | Special Access (RWX)

                NETWORK  | Special Access (RWX)

Web Content Area

\inetpub\wwwroot\

        IUSR_<host_name>  | Special Access (RWXD) (RWD)

      The Installing Account  | Special Access (RWXD) (RWD)

All Browseable Content

           IUSR_<host_name>  | Special Access (RX)(R)

      The Installing Account  | Special Access (RWXD) (RWD)

\inetpub\wwwroot\_vti_log\

        IUSR_<host_name>  | Special Access (RWXD) (RWD)

      The Installing Account  | Special Access (RWXD) (RWD)

\inetpub\wwwroot\_vti_pvt\

        IUSR_<host_name>  | Special Access (RWXD) (RWD)

      The Installing Account  | Special Access (RWXD) (RWD)

\inetpub\wwwroot\_vti_pvt\access.cnf

            IUSR_<host_name>  | Special Access (RWD)

         The Installing Account  | Special Access (RWD)

\inetpub\wwwroot\_vti_pvt\doctodep.btr

            IUSR_<host_name>  | Special Access (RWD)

         The Installing Account  | Special Access (RWD)

\inetpub\wwwroot\_vti_pvt\deptodoc.btr

            IUSR_<host_name>  | Special Access (RWD)

         The Installing Account  | Special Access (RWD)

\inetpub\wwwroot\_vti_pvt\linkinfo.cnf

            IUSR_<host_name>  | Special Access (RWD)

         The Installing Account  | Special Access (RWD)

              INTERACTIVE  | Special Access (RWD)

                NETWORK  | Special Access (RWD)

\inetpub\wwwroot\_vti_pvt\service.cnf

            IUSR_<host_name>  | Special Access (RWD)

         The Installing Account  | Special Access (RWD)

              INTERACTIVE  | Special Access (RWD)

                NETWORK  | Special Access (RWD)

\inetpub\wwwroot\_vti_pvt\services.org

            IUSR_<host_name>  | Special Access (RWD)

         The Installing Account  | Special Access (RWD)

              INTERACTIVE  | Special Access (RWD)

                NETWORK  | Special Access (RWD)

\inetpub\wwwroot\_vti_pvt\structure.cnf

            IUSR_<host_name>  | Special Access (RWD)

         The Installing Account  | Special Access (RWD)

                INTERACTIVE  | Special Access (R)

                  NETWORK  | Special Access (R)

\inetpub\wwwroot\_vti_pvt\svcacl.cnf

            IUSR_<host_name>  | Special Access (RWD)

         The Installing Account  | Special Access (RWD)

              INTERACTIVE  | Special Access (RWD)

                NETWORK  | Special Access (RWD)

\inetpub\wwwroot\_vti_pvt\uniqperm.cnf

            IUSR_<host_name>  | Special Access (RWD)

         The Installing Account  | Special Access (RWD)

              INTERACTIVE  | Special Access (RWD)

                NETWORK  | Special Access (RWD)

\inetpub\wwwroot\_vti_txt\

        IUSR_<host_name>  | Special Access (RWXD) (RWD)

      The Installing Account  | Special Access (RWXD) (RWD)

      INTERACTIVE  | Special Access (RWXD) (Not Specified)

        NETWORK  | Special Access (RWXD) (Not Specified)

\inetpub\wwwroot\_vti_bin\

                IUSR_<host_name>  | Read (RX)(RX)

            The Installing Account  | Read (RX)(RX)

            INTERACTIVE  | List (RX) (Not Specified)

              NETWORK  | List (RX) (Not Specified)

\inetpub\wwwroot\_vti_bin\shtml.dll

                  IUSR_<host_name>  | Read (RX)

              The Installing Account  | Read (RX)

\inetpub\wwwroot\_vti_bin\_vti_aut\

            The Installing Account  | Read (RX)(RX)

\inetpub\wwwroot\_vti_bin\_vti_aut\author.dll

              The Installing Account  | Read (RX)

\inetpub\wwwroot\_vti_bin\_vti_adm\

            The Installing Account  | Read (RX)(RX)

\inetpub\wwwroot\_vti_bin\_vti_adm\admin.dll

              The Installing Account  | Read (RX)

\inetpub\wwwroot\_vti_bot\

              The Installing Account  | Read (RX)

              NETWORK  | Special Access (RX) (RX)

            INTERACTIVE  | Special Access (RX) (RX)

\inetpub\wwwroot\_vti_cnf\

          IUSR_<host_name>  | Special Access (RX) (R)

      The Installing Account  | Special Access (RWXD) (RWD)

\inetpub\wwwroot\_private\

          IUSR_<host_name>  | Special Access (RX) (R)

      The Installing Account  | Special Access (RWXD) (RWD)
