1

Windows 2003-32bit IIS6 WSS 3.0 (No MOSS Installation)

  1. WSS is installed on the Domain Controller (Active Directory). (Not something I did or would do!)
  2. WSS is set to NOT allow anoymous access BUT it was at some other time in the past.
  3. SSL has been installed and the Web Site on a different website than the original WSS Site when the application was created.

ISSUE: 1. I create a user in AD on the machine. 2. I DO NOT added that user to SharePoint. 3. I can log into SharePoint with that user and see the Top Site and 1 of the sub-sites, but none of the other sub-sites.

QUESTION: How do I make it so that no user can log on and see anything unless they have been added to the web application?

Yuliy
  • 17,381
  • 6
  • 41
  • 47
Dave Stuart
  • 547
  • 8
  • 22
  • kindly confirm if ntauthourity\authenticated users have not been provided access to the site – Ashutosh Singh-MVP SharePoint Nov 03 '10 at 10:05
  • No one has been granted access to the site except for the site administratiors, however ANYONE one in AD can logon with read-only access which is driving me mad. – Dave Stuart Nov 05 '10 at 15:39
  • I think the issue is that whoever setup the SSL certificate did so on a different website than the one created by the Web Application. i.e. SharePoint-80 is the orginal site and SharePoint-443 is the site with the SSL installed on it. The Web Application can only control SharePoint-80. Meaning, if I go into Central Admin and change the Web Application to allow Anonymous access then ONLY SharePoint-80's IIS permissions are updated. – Dave Stuart Nov 05 '10 at 15:46
  • Another piece to this problem is as follows. 1)Create a subsite with Unique permissions. 2)Testing the login works as expected and NOBODY can log in until added to the site. 3)I then change the sub-site to Inherit Parent Permissions, which then allows everyone to see it. 4)Then I stop inheriting from the Parent and removed all permissions that it brought across. 5)Now the sub-site is STILL Open to everyone in AD again!!!! This is my issue. I need to know how to correct this so the permissions work properly. – Dave Stuart Nov 05 '10 at 19:00
  • Any suggestions are very welcome as I'm sure someone has come across this at some point in their SharePoint experiences. – Dave Stuart Nov 05 '10 at 19:00

1 Answers1

0

Well, I have now discovered the solution to my issue!!

This issue was caused by leaving Anonymous Access set to "Entire Web Site" in Site Settings -> Advanced Permissions under the Settings -> Anonymous Access, and switching OFF Anoymous Access via Central Administration -> Application Management -> Authentication Providers (Default) -> Edit Authentication. This allowed ANY user in AD to log into the site with read access and see everything! Regardless if WSS is on the Domain Controller or an a different box.

So to fix the problem I had to switch ON Anonymous Access via Central Admin so that I could actually see the Anonymous Access Menu option in Site Settings -> Site Permissions. I then went into to the Menu option and set it to "Nothing". Then back into Central Administration -> Application Management -> Authentication Providers (Default) -> Edit Authentication and swithed OFF Anonymous Access. The Site is now fully Secure and only users who have access permissions in the SP site can actually log in.

I put this down to inexperience with SharePoint (ME that is!) at the same time as taking over the site from someone else who had switched on Anonymous Access for some strange reason. I thought that switching OFF Anonymous Access in Central Admin was enough, however I didn't know it was a 2 step process that can only be reversed by performing 2 steps in the opposite way.

Problem Solved!

Dave Stuart
  • 547
  • 8
  • 22