Files and Permissions on Internet Information Service

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

This appendix lists the detailed, minimum file permission settings that must be in place for Microsoft's SharePoint™ Team Services and Microsoft® FrontPage 2002 Server Extensions to perform as designed. The extensions only edit ACLs, they never affect the permissions of any accounts not listed below.

File permissions assigned by the server health features

The server health commands included with SharePoint Team Services and FrontPage 2002 Server Extensions correct problems in NTFS permissions. The following list of files shows the minimum permissions required for SharePoint Team Services and FrontPage 2002 Server Extensions, as set by this command.

Windows NT directory

User

Permissions

\WINNT\system32\infoadmn.dll

INTERACTIVE
NETWORK

Read (RX)(RX)
Read (RX)(RX)

\WINNT\system32\mfc42.dll

INTERACTIVE
NETWORK

Read (RX)(RX)
Read (RX)(RX)

\WINNT\system32\msvcirt.dll

INTERACTIVE
NETWORK

Read (RX)(RX)
Read (RX)(RX)

\WINNT\system32\msvcrt.dll

INTERACTIVE
NETWORK

Read (RX)(RX)
Read (RX)(RX)

\WINNT\system32\netapi32.dll

INTERACTIVE
NETWORK

Read (RX)(RX)
Read (RX)(RX)

\WINNT\system32\netrap.dll

INTERACTIVE
NETWORK

Read (RX)(RX)
Read (RX)(RX)

\WINNT\system32\rpcltc1.dll

INTERACTIVE
NETWORK

Read (RX)(RX)
Read (RX)(RX)

\WINNT\system32\wsock32.dll

INTERACTIVE
NETWORK

Read (RX)(RX)
Read (RX)(RX)

SharePoint Team Services and FrontPage 2002 Server Extensions installation directory

The SharePoint Team Services and FrontPage 2002 Server Extensions installation directory is C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions by default.

Installation directory

User

Permissions

\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\servsupp\

INTERACTIVE
NETWORK

Read (RX)(RX)
Read (RX)(RX)

\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\servsupp\fp30msft.dll

INTERACTIVE
NETWORK

Read (RX)
Read (RX)

\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\servsupp\servers.cnf

INTERACTIVE
NETWORK

Special Access (R)
Special Access (R)

\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\bin\

INTERACTIVE
NETWORK

List (RX)(Not Specified)
List (RX)(Not Specified)

\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\bin\fp4*utl.dll

INTERACTIVE
NETWORK

Read (RX)
Read (RX)

\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\servsupp\fp4*txt.dll

INTERACTIVE
NETWORK

Read (RX)
Read (RX)

\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\servsupp\fp4*wel.dll

INTERACTIVE
NETWORK

Read (RX)
Read (RX)

\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\bin\fp4*vss.dll

INTERACTIVE
NETWORK

Read (RX)
Read (RX)

\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\bin\1033\fpext*.msg

Note that these files are only present for multilanguage support, and are not normally present in an English installation of the FrontPage Server Extensions.

INTERACTIVE
NETWORK

Read (RX)
Read (RX)

\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\isapi\

INTERACTIVE
NETWORK

Read (RX)(RX)
Read (RX)(RX)

\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\isapi\shtml.dll

INTERACTIVE
NETWORK

Read (RX)
Read (RX)

\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\isapi\_vti_adm\

INTERACTIVE
NETWORK

Read (RX)(RX)
Read (RX)(RX)

\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\isapi\_vti_adm\admin.dll

INTERACTIVE
NETWORK

Read (RX)
Read (RX)

\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\isapi\_vti_aut\

INTERACTIVE
NETWORK

Read (RX)(RX)
Read (RX)(RX)

\Program Files\Common Files\Microsoft Shared\Web Server Extensions \50\isapi\_vti_aut\author.dll

INTERACTIVE
NETWORK

Read (RX)
Read (RX)

Web content area

This listing is for a Web content area of \inetpub\wwwroot.

Web content area

User

Permissions

\inetpub
Note that all directories enclosing the content root will grant LIST permissions to these accounts.

INTERACTIVE
NETWORK

List (RX)(Not Specified)
List (RX)(Not Specified)

\inetpub\wwwroot\_vti_pvt

INTERACTIVE
NETWORK

Special Access (RWXD)(RWD)
Special Access (RWXD)(RWD)

\inetpub\wwwroot\_vti_pvt\botinfs.cnf

INTERACTIVE
NETWORK

Special Access (R)
Special Access (R)

\inetpub\wwwroot\_vti_pvt\bots.cnf

INTERACTIVE
NETWORK

Special Access (R)
Special Access (R)

\inetpub\wwwroot\_vti_pvt\services.cnf

INTERACTIVE
NETWORK

Special Access (R)
Special Access (R)

Visual SourceSafe files

This listing is for files used for source control.

SourceSafe file

User

Permissions

\VSS\win32\ssapi.dll

Note that this file's security settings are modified only if Visual SourceSafe™ 5.0 or later is installed.

INTERACTIVE
NETWORK

(RX)
(RX)

\VSS\win32\ssxx.dll

Note that this file's security settings are modified only if Visual SourceSafe 5.0 or later is installed. The xx value is the country code, and ssus.dll is the default if no other country code is present.

INTERACTIVE
NETWORK

(RX)
(RX)

Additional file permissions with Microsoft FrontPage

The following is a list of additional file permissions assigned when the Microsoft FrontPage® 2002 client is installed. This list assumes that the built-in Microsoft Windows NT® groups "Administrators" and "SYSTEM" already have full control over the entire drive, and that the IUSR_<hostname> account is granted READ access to the Web content before FrontPage is installed.

FrontPage will assume any account with READ access to the Web content will need continued access after installation. Such accounts will become end users of the Web content. IUSR_<hostname> is only granted access in the list below if it had access to the files at installation time. You can substitute "all user accounts with read access to the Web content" in place of IUSR_<hostname>. Regardless of what level access these accounts were assigned prior to installation, they will be normalized to the access levels described below by FrontPage Server Extensions Setup.

FrontPage will assign "Administrators" and "SYSTEM" full control everywhere.

The installing account is explicitly given Admin rights throughout the content area even though the installer is already an admin. You must be a Windows NT Administrator to successfully run FrontPage Server Extensions administration tools such as Fpsrvadm.

Web Content Area

User

Permissions

\inetpub\wwwroot\

IUSR_<host_name>
The Installing Account or the Windows Administrators group

Special Access (RWXD) (RWD)
Special Access (RWXD) (RWD)

All Browseable Content

IUSR_<host_name>
The Installing Account or the Windows Administrators group

Special Access (RX)(R)
Special Access (RWPXD) (RWPD)

\inetpub\wwwroot\_vti_log\

IUSR_<host_name>
The Installing Account or the Windows Administrators group

Special Access (RWXD) (RWD)
Special Access (RWPXD) (RWPD)

\inetpub\wwwroot\_vti_pvt\

The Installing Account or the Windows Administrators group
INTERACTIVE
NETWORK

Special Access (RWPXD) (RWPD)

Special Access (RWD)
Special Access (RWD)

\inetpub\wwwroot\_vti_pvt\access.cnf

IUSR_<host_name>
The Installing Account or the Windows Administrators group

Special Access (RWD)
Special Access (RWD)

\inetpub\wwwroot\_vti_pvt\doctodep.btr

IUSR_<host_name>
The Installing Account or the Windows Administrators group

Special Access (RWD)
Special Access (RWD)

\inetpub\wwwroot\_vti_pvt\deptodoc.btr

IUSR_<host_name>
The Installing Account or the Windows Administrators group

Special Access (RWD)
Special Access (RWD)

\inetpub\wwwroot\_vti_pvt\linkinfo.cnf

IUSR_<host_name>
The Installing Account or the Windows Administrators group
INTERACTIVE
NETWORK

Special Access (RWD)
Special Access (RWD)


Special Access (RWD)
Special Access (RWD)

\inetpub\wwwroot\_vti_pvt\service.cnf

IUSR_<host_name>
The Installing Account or the Windows Administrators group
INTERACTIVE
NETWORK

Special Access (RWD)
Special Access (RWD)


Special Access (RWD)
Special Access (RWD)

\inetpub\wwwroot\_vti_pvt\structure.cnf

IUSR_<host_name>
The Installing Account or the Windows Administrators group
INTERACTIVE
NETWORK

Special Access (RWD)
Special Access (RWD)


Special Access (R)
Special Access (R)

\inetpub\wwwroot\_vti_pvt\svcacl.cnf

IUSR_<host_name>
The Installing Account or the Windows Administrators group
INTERACTIVE
NETWORK

Special Access (RWD)
Special Access (RWD)


Special Access (RWD)
Special Access (RWD)

\inetpub\wwwroot\_vti_pvt\uniqperm.cnf

IUSR_<host_name>
The Installing Account
INTERACTIVE
NETWORK

Special Access (RWD)
Special Access (RWD)
Special Access (RWD)
Special Access (RWD)

\inetpub\wwwroot\_vti_txt\

IUSR_<host_name>
The Installing Account
INTERACTIVE

NETWORK

Special Access (RWXD) (RWD)
Special Access (RWXD) (RWD)
Special Access (RWXD) (Not Specified)
Special Access (RWXD) (Not Specified)

\inetpub\wwwroot\_vti_bin\

IUSR_<host_name>
The Installing Account or the Windows Administrators group
INTERACTIVE
NETWORK

Read (RX)(RX)
Read (RX)(RX)


List (RX) (Not Specified)
List (RX) (Not Specified)

\inetpub\wwwroot\_vti_cnf\

IUSR_<host_name>
The Installing Account

Special Access (RX) (R)
Special Access (RWPXD) (RWPD)

\inetpub\wwwroot\_private\

IUSR_<host_name>
The Installing Account or the Windows Administrators group

Special Access (RX) (R)
Special Access (RWPXD) (RWPD)