Microsoft FrontPage 2000 Server Extensions Resource Kit

Security on Windows NT

 ^{6 of 9}     Setting Mixed Permissions on Content

In FrontPage, permissions on a FrontPage-extended web's content applies to the whole FrontPage-extended web. All authors of the web have access to all of the web's pages, and site visitors can browse to all pages. It is often necessary to divide content on a server so that different groups of users have permissions to administer, author, or browse to different areas of the content.

This topic describes two mechanisms for setting varied permissions on content. One method is to divide the content into as many FrontPage subwebs as there are different sets of authors, administrators, or site visitors. Another method allows you to set finer permissions on the content within a single FrontPage-extended web, but requires that you bypass FrontPage's built-in permission-setting tools.

Using subwebs to set mixed permissions

A FrontPage-extended subweb is a complete FrontPage-extended web that is a subdirectory of the root web or of another subweb. Subwebs are the recommended mechanism for giving different sets of administrators, authors, and site visitors permission to access different content areas of a virtual server. Using subwebs, finer security granularity is automatic, since each subweb maintains separate security settings. In earlier versions of FrontPage, subwebs could only be created directly below the root web. In FrontPage 2000, subwebs can be created at any level of your content structure, including below another subweb.

Managing permissions manually

You can bypass FrontPage's built-in security management and set permissions manually on the content of a FrontPage-extended web. Doing this allows you to set permissions on a per-folder or per-file basis, giving you more granular control over permissions on a web's content, but you need to manage the ACLs yourself. This is an advanced technique and must be done carefully to avoid weakening the security of the content on your server.

To manually set permissions on a FrontPage-extended web, open the MMC Console and use the Properties command on the FrontPage-extended web. On the Server Extensions tab, clear the Manage permissions manually check box.

When manually managing permissions on a FrontPage-extended web, you must modify the ACLs in the top-level folder of the web. At a minimum, you must give administrators read, write, and change permissions access on the top-level folder of a FrontPage-extended web or subweb.

As a convenience, the FrontPage Server Extensions Configuration Wizard will create three empty local machine groups when you create a FrontPage-extended web. These groups will be named "webname Admins," "webname Authors," and "webname Browsers." It is convenient to use these groups in the ACLs and maintain these groups using the Windows NT User Manager.