Polasaí Iarratais Gréasáin, Láithreáin Slándáil agus Slándáil Bearradh — Know do chumraíocht

(Updated 11/29 a mhíniú conas rochtain a suímh ghréasáin polasaí i bhfeidhm tríd an Chomhéadain)

I had one of those "why is MOSS doing this to me????" moments today. Sa deireadh, tá sé go léir mo locht.

We have an enterprise MOSS project going on and we want to secure "place holder" sites so that no user may access it or see it. That’s easy:

  1. Téigh go dtí an láithreán.
  2. Briseadh an oidhreacht slándála.
  3. Bain gach úsáideora / grúpa ó ceadanna láithreán.

Ba chóir an thuas fhágáil ach an riarthóir bailiúcháin suíomh le cead a fheiceáil ar an suíomh.

Má logs duine ar bith eile i, ba chóir dóibh a thuilleadh a fheiceáil ar an suíomh seo agus ba chóir é a bheith slándála-bearrtha ó na háiteanna is gnách.

Ach … Ní raibh sé. Ag an am céanna, I suddenly realize that my "Joe User" standard user test account with no priv’s other than restricted read access has a "Site Actions" choice everywhere he goes. I double check one thing and double check something else. I pick up the phone to call a colleague, but put it down and check something else. I go for a walk and try everything all over again. I call a colleague and leave a message. And then, ar deireadh, I find that at Ethan’s blog, his opening graph makes it quite simple:

CAONAIGH 2007 has a new feature called Web Application Policies. Tá na ceadanna slándála go bhfuil ceangailte le Iarratais Gréasáin. Tá na socruithe slándála gcealófaí leis aon socrú slándála atá leagtha ag an mBailiúchán Suíomh nó an tSuímh (Gréasáin) leibhéal don úsáideoir.

A quick visit to web application policies shows that "NT Authority\authenticated users" had been granted Full Read. I removed them from the list and everything finally started working as expected. I believe they were added in the first place by someone with the mistaken impression that that is best method to grant read access to everyone in the enterprise. It does, ach, le brú a ceanglófar, "It does not mean what you think it means."

Access web application policies this way:

  1. Téigh go dtí Riarachán Lárnach
  2. Roghnaigh Bainistíochta Iarratais
  3. Select "Policy for Web Application"
  4. On that screen, make sure you pick the correct web application. Maidir liom féin, it defaults to the web application of central admin which may not be the one you want.

Nuair a bhí mé an fhadhb seo, Chuardach mé do na frásaí seo a leanas agus fuair ionadh beag i dtéarmaí cabhair dhíreach ar an tsaincheist seo:

Gníomhartha suíomh le feiceáil do gach úsáideoir

Gníomhartha suíomh le feiceáil ar na húsáideoirí go léir

Ní ghníomhartha suíomh seo bearrtha slándála

dhaingniú láithreán CAONAIGH

a thabhairt isteach chun caonach slándála

Clibeanna Technorati:

4 smaointe ar "Polasaí Iarratais Gréasáin, Láithreáin Slándáil agus Slándáil Bearradh — Know do chumraíocht

  1. Perry

    I see "NT
    AUTHORITY\LOCAL SERVICE
    " granted Full Read on several existing Web Applications on several MOSS servers, even though all services and Application Pools were configured during installation to run as specified domain accounts. That sounds like it might be a bug somewhere?

    Freagra
  2. Miguel
    That fixed my problem… Go raibh maith agat!
    But probably it’s better to change the rights user to "Deny to all – No access" instead of deleting from the list. That produces the same effect but it’s easier to give back the rights to the users just in case of problems
    Freagra
  3. Nathalie Gosdinski
    Thanks for posting this! As you said, ann nach bhfuil a lán eolais ar an gceist seo. That fixed my problem… Go raibh maith agat!
    Freagra
  4. RichRockwell Scríobh:
    Bhí mé an fhadhb chéanna, and this fixed it. I had seen NT Authority\authenticated users in my web app policy, but thought it was supposed to be there because I didn’t put it there. Removing it fixed the problem.
    Go raibh maith agat
    Freagra

Leave a Reply

Ní thabharfar do sheoladh r-phoist a fhoilsiú. Réimsí riachtanacha atá marcáilte *