Files and Permissions on Internet Information Service
Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
This appendix lists the detailed, minimum file permission settings that must be in place for Microsoft's SharePoint™ Team Services and Microsoft® FrontPage 2002 Server Extensions to perform as designed. The extensions only edit ACLs, they never affect the permissions of any accounts not listed below.
File permissions assigned by the server health features
The server health commands included with SharePoint Team Services and FrontPage 2002 Server Extensions correct problems in NTFS permissions. The following list of files shows the minimum permissions required for SharePoint Team Services and FrontPage 2002 Server Extensions, as set by this command.
Windows NT directory |
User |
Permissions |
\WINNT\system32\infoadmn.dll |
INTERACTIVE |
Read (RX)(RX) |
\WINNT\system32\mfc42.dll |
INTERACTIVE |
Read (RX)(RX) |
\WINNT\system32\msvcirt.dll |
INTERACTIVE |
Read (RX)(RX) |
\WINNT\system32\msvcrt.dll |
INTERACTIVE |
Read (RX)(RX) |
\WINNT\system32\netapi32.dll |
INTERACTIVE |
Read (RX)(RX) |
\WINNT\system32\netrap.dll |
INTERACTIVE |
Read (RX)(RX) |
\WINNT\system32\rpcltc1.dll |
INTERACTIVE |
Read (RX)(RX) |
\WINNT\system32\wsock32.dll |
INTERACTIVE |
Read (RX)(RX) |
SharePoint Team Services and FrontPage 2002 Server Extensions installation directory
The SharePoint Team Services and FrontPage 2002 Server Extensions installation directory is C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions by default.
Installation directory |
User |
Permissions |
\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\servsupp\ |
INTERACTIVE |
Read (RX)(RX) |
\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\servsupp\fp30msft.dll |
INTERACTIVE |
Read (RX) |
\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\servsupp\servers.cnf |
INTERACTIVE |
Special Access (R) |
\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\bin\ |
INTERACTIVE |
List (RX)(Not Specified) |
\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\bin\fp4*utl.dll |
INTERACTIVE |
Read (RX) |
\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\servsupp\fp4*txt.dll |
INTERACTIVE |
Read (RX) |
\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\servsupp\fp4*wel.dll |
INTERACTIVE |
Read (RX) |
\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\bin\fp4*vss.dll |
INTERACTIVE |
Read (RX) |
\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\bin\1033\fpext*.msg Note that these files are only present for multilanguage support, and are not normally present in an English installation of the FrontPage Server Extensions. |
INTERACTIVE |
Read (RX) |
\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\isapi\ |
INTERACTIVE |
Read (RX)(RX) |
\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\isapi\shtml.dll |
INTERACTIVE |
Read (RX) |
\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\isapi\_vti_adm\ |
INTERACTIVE |
Read (RX)(RX) |
\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\isapi\_vti_adm\admin.dll |
INTERACTIVE |
Read (RX) |
\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\isapi\_vti_aut\ |
INTERACTIVE |
Read (RX)(RX) |
\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\isapi\_vti_aut\author.dll |
INTERACTIVE |
Read (RX) |
Web content area
This listing is for a Web content area of \inetpub\wwwroot.
Web content area |
User |
Permissions |
\inetpub |
INTERACTIVE |
List (RX)(Not Specified) |
\inetpub\wwwroot\_vti_pvt |
INTERACTIVE |
Special Access (RWXD)(RWD) |
\inetpub\wwwroot\_vti_pvt\botinfs.cnf |
INTERACTIVE |
Special Access (R) |
\inetpub\wwwroot\_vti_pvt\bots.cnf |
INTERACTIVE |
Special Access (R) |
\inetpub\wwwroot\_vti_pvt\services.cnf |
INTERACTIVE |
Special Access (R) |
Visual SourceSafe files
This listing is for files used for source control.
SourceSafe file |
User |
Permissions |
\VSS\win32\ssapi.dll Note that this file's security settings are modified only if Visual SourceSafe™ 5.0 or later is installed. |
INTERACTIVE |
(RX) |
\VSS\win32\ssxx.dll Note that this file's security settings are modified only if Visual SourceSafe 5.0 or later is installed. The xx value is the country code, and ssus.dll is the default if no other country code is present. |
INTERACTIVE |
(RX) |
Additional file permissions with Microsoft FrontPage
The following is a list of additional file permissions assigned when the Microsoft FrontPage® 2002 client is installed. This list assumes that the built-in Microsoft Windows NT® groups "Administrators" and "SYSTEM" already have full control over the entire drive, and that the IUSR_<hostname> account is granted READ access to the Web content before FrontPage is installed.
FrontPage will assume any account with READ access to the Web content will need continued access after installation. Such accounts will become end users of the Web content. IUSR_<hostname> is only granted access in the list below if it had access to the files at installation time. You can substitute "all user accounts with read access to the Web content" in place of IUSR_<hostname>. Regardless of what level access these accounts were assigned prior to installation, they will be normalized to the access levels described below by FrontPage Server Extensions Setup.
FrontPage will assign "Administrators" and "SYSTEM" full control everywhere.
The installing account is explicitly given Admin rights throughout the content area even though the installer is already an admin. You must be a Windows NT Administrator to successfully run FrontPage Server Extensions administration tools such as Fpsrvadm.
Web Content Area |
User |
Permissions |
\inetpub\wwwroot\ |
IUSR_<host_name> |
Special Access (RWXD) (RWD) |
All Browseable Content |
IUSR_<host_name> |
Special Access (RX)(R) |
\inetpub\wwwroot\_vti_log\ |
IUSR_<host_name> |
Special Access (RWXD) (RWD) |
\inetpub\wwwroot\_vti_pvt\ |
The Installing Account or the Windows Administrators group |
Special Access (RWPXD) (RWPD) |
\inetpub\wwwroot\_vti_pvt\access.cnf |
IUSR_<host_name> |
Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\doctodep.btr |
IUSR_<host_name> |
Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\deptodoc.btr |
IUSR_<host_name> |
Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\linkinfo.cnf |
IUSR_<host_name> |
Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\service.cnf |
IUSR_<host_name> |
Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\structure.cnf |
IUSR_<host_name> |
Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\svcacl.cnf |
IUSR_<host_name> |
Special Access (RWD) |
\inetpub\wwwroot\_vti_pvt\uniqperm.cnf |
IUSR_<host_name> |
Special Access (RWD) |
\inetpub\wwwroot\_vti_txt\ |
IUSR_<host_name> |
Special Access (RWXD) (RWD) |
\inetpub\wwwroot\_vti_bin\ |
IUSR_<host_name> |
Read (RX)(RX) |
\inetpub\wwwroot\_vti_cnf\ |
IUSR_<host_name> |
Special Access (RX) (R) |
\inetpub\wwwroot\_private\ |
IUSR_<host_name> |
Special Access (RX) (R) |