[WSS 3] User accessThis is a discussion on [WSS 3] User access within the Sharepoint forums in Microsoft Tools category; Sorry Callahan for the miscommunication. The problem is that all users can access all site collections what so ever. I deleted the AD distribution list that I've added in the past but still same results. All users can still access. I've tried disabling the Guest user (I_USR_SERVERNAME) but still same same. I'm lost here.....and it's a production environment. Thanks again for everything "Callahan" wrote: > I am a little confused by what you are asking. Are you asking how to > add Authenticated Users to a SharePoint Group? I thought you were having a > problem with user accounts that ... | ||||||||
| | ||||||||
| ||||||||
![[WSS 3] User access](http://objectmix.com/iconimages/sharepoint/wss-3-user-access_ltr.gif)
| Register | FAQ | Calendar | Search | Today's Posts | Mark Forums Read |
|
#11
09-08-2008, 01:50 AM
| |||
| |||
 Re: [WSS 3] User access Sorry Callahan for the miscommunication. The problem is that all users can access all site collections what so ever. I deleted the AD distribution list that I've added in the past but still same results. All users can still access. I've tried disabling the Guest user (I_USR_SERVERNAME) but still same same. I'm lost here.....and it's a production environment. Thanks again for everything "Callahan" wrote: > I am a little confused by what you are asking. Are you asking how to > add Authenticated Users to a SharePoint Group? I thought you were having a > problem with user accounts that were added to WSS, probably by AD security > group, and wanted confirmation concerning the fact that user accounts don't > show in in User Info (or under All People) unless that user logs into WSS. > Otherwise it isn't obvious that they're a member until they log in. Also, I > thought we'd established that you *already* have all authenticated users > accessing your WSS site collection. > > But at this point, I think you are asking me if there is a drag and drop > component between Active Directory Users and Computers console and WSS's Add > Users page? If you are then the answer is a very definitive NO. > > When adding users to a SharePoint group, there is an option to add all > authenticated users in the Add Users section of the Add Users page. It's > there that you can add all Authenticated Users to a SharePoint group. > There is no drag and drop interface between the ADUC and WSS by default. > > I am not sure if I've answered your question, but I hope this helped. > > -callahan > > "Lp12" <Lp12@discussions.microsoft.com> wrote in message > news:ECD4ECFB-A07A-442D-BD72-A52BC1D55BC7@microsoft.com... > > Thanks a lot Callahan for all you help. > > I see the Authenticated-users on the Server: My computer right > > click>Manage>users and groups > Group called users. Should I drop it from > > that group or is it the way that AD and the WSS server should be > > connected? > > > > There is no anonymous access configured ( the Enable anonymous access is > > not > > checked). > > > > Thanks again > > > > "Callahan" wrote: > > > >> Lp12, > >> > >> If all users *can* enter all sites in the collection, chances are that > >> all > >> authenticated users were selected to be added as members of that > >> collection. > >> As Authenticated Users is an AD security group, those users would be able > >> to > >> log in to the site collection as part of that group, and not have their > >> individual user information show up until they first log in. > >> > >> Under normal circumstances, all users *cannot* enter any site collections > >> unless you give them specific permission to do so by adding them as > >> members > >> (either individually or as part of a AD security group). > >> > >> Did you check to see if the account you were particularly having problems > >> with was a site collection administrator or member of a AD security group > >> that had been added? > >> > >> Also, and this isn't something done by accident, you didn't happen to > >> allow > >> anonymous access? That would also appear as if all users can have > >> access, > >> without their accounts showing in People and Groups. > >> > >> -callahan > >> "Lp12" <Lp12@discussions.microsoft.com> wrote in message > >> news  62A32C3-5F3A-4890-B432-2B63ED7164A0@microsoft.com...> >> > Thanks Mike but it's amazing..... All users can enter all sites > >> > collection?! > >> > Where to start? > >> > > >> > "Mike Walsh" wrote: > >> > > >> >> If this was WSS 2.0 I'd jump in with the usual "member of the local > >> >> Administrators group" > >> >> > >> >> Here in WSS 3.0 it *could* (unlikely) be that this user is one of the > >> >> two specified administrators of the site collection (or is that of the > >> >> web application - I can never remember). > >> >> > >> >> Mike Walsh > >> >> > >> >> Lp12 wrote: > >> >> > Thanks a lot guys. > >> >> > I've added a group (department group) to one site collection but the > >> >> > user > >> >> > that i've tested is not a part of that group. > >> >> > Any thoughts? > >> >> > > >> >> > "Callahan" wrote: > >> >> > > >> >> >> Oh yeah. Forgot about that. ; P > >> >> >> > >> >> >> Not my favorite setting (not enough control for my liking), but it > >> >> >> does > >> >> >> essentially the same thing. > >> >> >> > >> >> >> -callahan > >> >> >> "Mike Walsh" <englantilainen@hotmail.com> wrote in message > >> >> >> news:eo7uFuSDJHA.4588@TK2MSFTNGP06.phx.gbl... > >> >> >>> It could also be that "All authorised users" have been given > >> >> >>> rights > >> >> >>> to > >> >> >>> access the site. > >> >> >>> > >> >> >>> > >> >> >>> Mike Walsh > >> >> >>> WSS FAQ http://www.wssfaq.com / http://wss.collutions.com > >> >> >>> no questions by e-mail please > >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> Callahan wrote: > >> >> >>>> That can happen (if I am reading your post correctly) when you > >> >> >>>> add > >> >> >>>> an AD > >> >> >>>> security group to the site instead of the individual users. > >> >> >>>> > >> >> >>>> If the users are members of the security group in AD, they can > >> >> >>>> access the > >> >> >>>> site without explicitly having a user account there yet. After > >> >> >>>> they > >> >> >>>> log > >> >> >>>> in, they'll get their own user information, populated with the > >> >> >>>> data > >> >> >>>> from > >> >> >>>> the AD account. But before they log in for the first time, they > >> >> >>>> have no > >> >> >>>> obvious account there, and from WSS's point of view, they don't > >> >> >>>> exist as > >> >> >>>> individual members. > >> >> >>>> > >> >> >>>> -callahan > >> >> >>>> "Lp12" <Lp12@discussions.microsoft.com> wrote in message > >> >> >>>> news:2B790F77-F6E7-45AB-906C-141CE6CC67D9@microsoft.com... > >> >> >>>>> Hi All, > >> >> >>>>> I just see an amazing issue that users that aren't popuate in a > >> >> >>>>> site > >> >> >>>>> (people > >> >> >>>>> and groups) can access the site!!. > >> >> >>>>> What could be wrong? > >> >> >>>>> Thanks a lot in advance > >> >> >> > >> >> > >> > >> > >> > > > > >  |
|
#12
09-08-2008, 04:13 PM
| |||
| |||
| Re: [WSS 3] User access Well, there can really be only a few logical reasons why all users can access all of a site collection. These things can, of course be tested by either checking to see who is added to these groups, and by testing what permissions those users have/what they can do: 1) all Authenticated Users has been added to a SharePoint group on the site. You will need to check each group and see if Authenticated Users has been added. What they can and cannot do on the sites will clearly show you what SharePoint group they are in. ((If Authenticated Users is a member of a group, it's easy to remove them/it. The users who were once given access because Authenticated Users was a part of a SharePoint group will now be denied access (even if their user information is still under All People).)) 2) all Authenticated Users have been made site collection administrators. Again, you can check to see who is a site administrator, and see if Authenticated Users has been added. Also again, it's a dead giveaway if all users also have administrative rights to the site collection. 4) In Policy for Web Applications, someone could have given Authenticated Users the right to access all site collections within the web application. This could also add users to a site collection without actually being able to see that they have an account there-- it supercedes the site collection's All People list. This is going to take legwork on your part to figure out how those users were all given access. It generally doesn't happen by accident. Are you absolutely certain, without a doubt, that anonymous access has not been enabled on the web application/site collection? That's the easiest, least click way to simply let everyone in. -callahan "Lp12" <Lp12@discussions.microsoft.com> wrote in message news:B55BA660-B4B7-4C95-8F4C-17ED4C34FDC7@microsoft.com... > Sorry Callahan for the miscommunication. > The problem is that all users can access all site collections what so > ever. > I deleted the AD distribution list that I've added in the past but still > same results. All users can still access. I've tried disabling the Guest > user > (I_USR_SERVERNAME) but still same same. > I'm lost here.....and it's a production environment. > Thanks again for everything > > > "Callahan" wrote: > >> I am a little confused by what you are asking. Are you asking how to >> add Authenticated Users to a SharePoint Group? I thought you were having >> a >> problem with user accounts that were added to WSS, probably by AD >> security >> group, and wanted confirmation concerning the fact that user accounts >> don't >> show in in User Info (or under All People) unless that user logs into >> WSS. >> Otherwise it isn't obvious that they're a member until they log in. >> Also, I >> thought we'd established that you *already* have all authenticated users >> accessing your WSS site collection. >> >> But at this point, I think you are asking me if there is a drag and drop >> component between Active Directory Users and Computers console and WSS's >> Add >> Users page? If you are then the answer is a very definitive NO. >> >> When adding users to a SharePoint group, there is an option to add all >> authenticated users in the Add Users section of the Add Users page. It's >> there that you can add all Authenticated Users to a SharePoint group. >> There is no drag and drop interface between the ADUC and WSS by default. >> >> I am not sure if I've answered your question, but I hope this helped. >> >> -callahan >> >> "Lp12" <Lp12@discussions.microsoft.com> wrote in message >> news:ECD4ECFB-A07A-442D-BD72-A52BC1D55BC7@microsoft.com... >> > Thanks a lot Callahan for all you help. >> > I see the Authenticated-users on the Server: My computer right >> > click>Manage>users and groups > Group called users. Should I drop it >> > from >> > that group or is it the way that AD and the WSS server should be >> > connected? >> > >> > There is no anonymous access configured ( the Enable anonymous access >> > is >> > not >> > checked). >> > >> > Thanks again >> > >> > "Callahan" wrote: >> > >> >> Lp12, >> >> >> >> If all users *can* enter all sites in the collection, chances are that >> >> all >> >> authenticated users were selected to be added as members of that >> >> collection. >> >> As Authenticated Users is an AD security group, those users would be >> >> able >> >> to >> >> log in to the site collection as part of that group, and not have >> >> their >> >> individual user information show up until they first log in. >> >> >> >> Under normal circumstances, all users *cannot* enter any site >> >> collections >> >> unless you give them specific permission to do so by adding them as >> >> members >> >> (either individually or as part of a AD security group). >> >> >> >> Did you check to see if the account you were particularly having >> >> problems >> >> with was a site collection administrator or member of a AD security >> >> group >> >> that had been added? >> >> >> >> Also, and this isn't something done by accident, you didn't happen to >> >> allow >> >> anonymous access? That would also appear as if all users can have >> >> access, >> >> without their accounts showing in People and Groups. >> >> >> >> -callahan >> >> "Lp12" <Lp12@discussions.microsoft.com> wrote in message >> >> news 62A32C3-5F3A-4890-B432-2B63ED7164A0@microsoft.com...>> >> > Thanks Mike but it's amazing..... All users can enter all sites >> >> > collection?! >> >> > Where to start? >> >> > >> >> > "Mike Walsh" wrote: >> >> > >> >> >> If this was WSS 2.0 I'd jump in with the usual "member of the local >> >> >> Administrators group" >> >> >> >> >> >> Here in WSS 3.0 it *could* (unlikely) be that this user is one of >> >> >> the >> >> >> two specified administrators of the site collection (or is that of >> >> >> the >> >> >> web application - I can never remember). >> >> >> >> >> >> Mike Walsh >> >> >> >> >> >> Lp12 wrote: >> >> >> > Thanks a lot guys. >> >> >> > I've added a group (department group) to one site collection but >> >> >> > the >> >> >> > user >> >> >> > that i've tested is not a part of that group. >> >> >> > Any thoughts? >> >> >> > >> >> >> > "Callahan" wrote: >> >> >> > >> >> >> >> Oh yeah. Forgot about that. ; P >> >> >> >> >> >> >> >> Not my favorite setting (not enough control for my liking), but >> >> >> >> it >> >> >> >> does >> >> >> >> essentially the same thing. >> >> >> >> >> >> >> >> -callahan >> >> >> >> "Mike Walsh" <englantilainen@hotmail.com> wrote in message >> >> >> >> news:eo7uFuSDJHA.4588@TK2MSFTNGP06.phx.gbl... >> >> >> >>> It could also be that "All authorised users" have been given >> >> >> >>> rights >> >> >> >>> to >> >> >> >>> access the site. >> >> >> >>> >> >> >> >>> >> >> >> >>> Mike Walsh >> >> >> >>> WSS FAQ http://www.wssfaq.com / http://wss.collutions.com >> >> >> >>> no questions by e-mail please >> >> >> >>> >> >> >> >>> >> >> >> >>> >> >> >> >>> Callahan wrote: >> >> >> >>>> That can happen (if I am reading your post correctly) when you >> >> >> >>>> add >> >> >> >>>> an AD >> >> >> >>>> security group to the site instead of the individual users. >> >> >> >>>> >> >> >> >>>> If the users are members of the security group in AD, they can >> >> >> >>>> access the >> >> >> >>>> site without explicitly having a user account there yet. >> >> >> >>>> After >> >> >> >>>> they >> >> >> >>>> log >> >> >> >>>> in, they'll get their own user information, populated with the >> >> >> >>>> data >> >> >> >>>> from >> >> >> >>>> the AD account. But before they log in for the first time, >> >> >> >>>> they >> >> >> >>>> have no >> >> >> >>>> obvious account there, and from WSS's point of view, they >> >> >> >>>> don't >> >> >> >>>> exist as >> >> >> >>>> individual members. >> >> >> >>>> >> >> >> >>>> -callahan >> >> >> >>>> "Lp12" <Lp12@discussions.microsoft.com> wrote in message >> >> >> >>>> news:2B790F77-F6E7-45AB-906C-141CE6CC67D9@microsoft.com... >> >> >> >>>>> Hi All, >> >> >> >>>>> I just see an amazing issue that users that aren't popuate in >> >> >> >>>>> a >> >> >> >>>>> site >> >> >> >>>>> (people >> >> >> >>>>> and groups) can access the site!!. >> >> >> >>>>> What could be wrong? >> >> >> >>>>> Thanks a lot in advance >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> |
|
#13
09-09-2008, 02:00 AM
| |||
| |||
| Re: [WSS 3] User access Hi Callahan, I really appreciate your kind help, Here are some results of the sections you suggested: 1) I've created a new site collection with one user only as a site collection administrator. I haven't added any other users. Result - All users can access this site. 2) I've double checked the above new site collection in the Central Administration > Application Management > Site Collection Owners > <SiteCollection Name> and only the user I added upon creation, appeared there. (no authenticated users group was found) 3)In Policy for Web Applications only me and another applicative user (called sharepoint-admin) have full control. other users in the list are: NT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\network, NT AUTHORITY\system - All have full control. 4) In IIS > Websites > Sharepoint - 80 > Properties > Directory Security > Authentication and access control > Enable anonymous access is CLEAR. Actually I've done the same to all web sites in IIS. Again THANK YOU. "Callahan" wrote: > Well, there can really be only a few logical reasons why all users can > access all of a site collection. These things can, of course be tested by > either checking to see who is added to these groups, and by testing what > permissions those users have/what they can do: > > 1) all Authenticated Users has been added to a SharePoint group on the site. > You will need to check each group and see if Authenticated Users has been > added. What they can and cannot do on the sites will clearly show you what > SharePoint group they are in. > > ((If Authenticated Users is a member of a group, it's easy to remove > them/it. The users who were once given access because Authenticated Users > was a part of a SharePoint group will now be denied access (even if their > user information is still under All People).)) > > 2) all Authenticated Users have been made site collection administrators. > Again, you can check to see who is a site administrator, and see if > Authenticated Users has been added. Also again, it's a dead giveaway if all > users also have administrative rights to the site collection. > > 4) In Policy for Web Applications, someone could have given Authenticated > Users the right to access all site collections within the web application. > This could also add users to a site collection without actually being able > to see that they have an account there-- it supercedes the site collection's > All People list. > > This is going to take legwork on your part to figure out how those users > were all given access. It generally doesn't happen by accident. Are you > absolutely certain, without a doubt, that anonymous access has not been > enabled on the web application/site collection? That's the easiest, least > click way to simply let everyone in. > > -callahan > "Lp12" <Lp12@discussions.microsoft.com> wrote in message > news:B55BA660-B4B7-4C95-8F4C-17ED4C34FDC7@microsoft.com... > > Sorry Callahan for the miscommunication. > > The problem is that all users can access all site collections what so > > ever. > > I deleted the AD distribution list that I've added in the past but still > > same results. All users can still access. I've tried disabling the Guest > > user > > (I_USR_SERVERNAME) but still same same. > > I'm lost here.....and it's a production environment. > > Thanks again for everything > > > > > > "Callahan" wrote: > > > >> I am a little confused by what you are asking. Are you asking how to > >> add Authenticated Users to a SharePoint Group? I thought you were having > >> a > >> problem with user accounts that were added to WSS, probably by AD > >> security > >> group, and wanted confirmation concerning the fact that user accounts > >> don't > >> show in in User Info (or under All People) unless that user logs into > >> WSS. > >> Otherwise it isn't obvious that they're a member until they log in. > >> Also, I > >> thought we'd established that you *already* have all authenticated users > >> accessing your WSS site collection. > >> > >> But at this point, I think you are asking me if there is a drag and drop > >> component between Active Directory Users and Computers console and WSS's > >> Add > >> Users page? If you are then the answer is a very definitive NO. > >> > >> When adding users to a SharePoint group, there is an option to add all > >> authenticated users in the Add Users section of the Add Users page. It's > >> there that you can add all Authenticated Users to a SharePoint group. > >> There is no drag and drop interface between the ADUC and WSS by default. > >> > >> I am not sure if I've answered your question, but I hope this helped. > >> > >> -callahan > >> > >> "Lp12" <Lp12@discussions.microsoft.com> wrote in message > >> news:ECD4ECFB-A07A-442D-BD72-A52BC1D55BC7@microsoft.com... > >> > Thanks a lot Callahan for all you help. > >> > I see the Authenticated-users on the Server: My computer right > >> > click>Manage>users and groups > Group called users. Should I drop it > >> > from > >> > that group or is it the way that AD and the WSS server should be > >> > connected? > >> > > >> > There is no anonymous access configured ( the Enable anonymous access > >> > is > >> > not > >> > checked). > >> > > >> > Thanks again > >> > > >> > "Callahan" wrote: > >> > > >> >> Lp12, > >> >> > >> >> If all users *can* enter all sites in the collection, chances are that > >> >> all > >> >> authenticated users were selected to be added as members of that > >> >> collection. > >> >> As Authenticated Users is an AD security group, those users would be > >> >> able > >> >> to > >> >> log in to the site collection as part of that group, and not have > >> >> their > >> >> individual user information show up until they first log in. > >> >> > >> >> Under normal circumstances, all users *cannot* enter any site > >> >> collections > >> >> unless you give them specific permission to do so by adding them as > >> >> members > >> >> (either individually or as part of a AD security group). > >> >> > >> >> Did you check to see if the account you were particularly having > >> >> problems > >> >> with was a site collection administrator or member of a AD security > >> >> group > >> >> that had been added? > >> >> > >> >> Also, and this isn't something done by accident, you didn't happen to > >> >> allow > >> >> anonymous access? That would also appear as if all users can have > >> >> access, > >> >> without their accounts showing in People and Groups. > >> >> > >> >> -callahan > >> >> "Lp12" <Lp12@discussions.microsoft.com> wrote in message > >> >> news 62A32C3-5F3A-4890-B432-2B63ED7164A0@microsoft.com...> >> >> > Thanks Mike but it's amazing..... All users can enter all sites > >> >> > collection?! > >> >> > Where to start? > >> >> > > >> >> > "Mike Walsh" wrote: > >> >> > > >> >> >> If this was WSS 2.0 I'd jump in with the usual "member of the local > >> >> >> Administrators group" > >> >> >> > >> >> >> Here in WSS 3.0 it *could* (unlikely) be that this user is one of > >> >> >> the > >> >> >> two specified administrators of the site collection (or is that of > >> >> >> the > >> >> >> web application - I can never remember). > >> >> >> > >> >> >> Mike Walsh > >> >> >> > >> >> >> Lp12 wrote: > >> >> >> > Thanks a lot guys. > >> >> >> > I've added a group (department group) to one site collection but > >> >> >> > the > >> >> >> > user > >> >> >> > that i've tested is not a part of that group. > >> >> >> > Any thoughts? > >> >> >> > > >> >> >> > "Callahan" wrote: > >> >> >> > > >> >> >> >> Oh yeah. Forgot about that. ; P > >> >> >> >> > >> >> >> >> Not my favorite setting (not enough control for my liking), but > >> >> >> >> it > >> >> >> >> does > >> >> >> >> essentially the same thing. > >> >> >> >> > >> >> >> >> -callahan > >> >> >> >> "Mike Walsh" <englantilainen@hotmail.com> wrote in message > >> >> >> >> news:eo7uFuSDJHA.4588@TK2MSFTNGP06.phx.gbl... > >> >> >> >>> It could also be that "All authorised users" have been given > >> >> >> >>> rights > >> >> >> >>> to > >> >> >> >>> access the site. > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> Mike Walsh > >> >> >> >>> WSS FAQ http://www.wssfaq.com / http://wss.collutions.com > >> >> >> >>> no questions by e-mail please > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> Callahan wrote: > >> >> >> >>>> That can happen (if I am reading your post correctly) when you > >> >> >> >>>> add > >> >> >> >>>> an AD > >> >> >> >>>> security group to the site instead of the individual users. > >> >> >> >>>> > >> >> >> >>>> If the users are members of the security group in AD, they can > >> >> >> >>>> access the > >> >> >> >>>> site without explicitly having a user account there yet. > >> >> >> >>>> After > >> >> >> >>>> they > >> >> >> >>>> log > >> >> >> >>>> in, they'll get their own user information, populated with the > >> >> >> >>>> data > >> >> >> >>>> from > >> >> >> >>>> the AD account. But before they log in for the first time, > >> >> >> >>>> they > >> >> >> >>>> have no > >> >> >> >>>> obvious account there, and from WSS's point of view, they > >> >> >> >>>> don't > >> >> >> >>>> exist as > >> >> >> >>>> individual members. > >> >> >> >>>> > >> >> >> >>>> -callahan > >> >> >> >>>> "Lp12" <Lp12@discussions.microsoft.com> wrote in message > >> >> >> >>>> news:2B790F77-F6E7-45AB-906C-141CE6CC67D9@microsoft.com... > >> >> >> >>>>> Hi All, > >> >> >> >>>>> I just see an amazing issue that users that aren't popuate in > >> >> >> >>>>> a > >> >> >> >>>>> site > >> >> >> >>>>> (people > >> >> >> >>>>> and groups) can access the site!!. > >> >> >> >>>>> What could be wrong? > >> >> >> >>>>> Thanks a lot in advance > >> >> >> >> > >> >> >> > >> >> > >> >> > >> >> > >> > >> > >> > >> > >> > > > |
|
#14
09-09-2008, 12:22 PM
| |||
| |||
| Re: [WSS 3] User access Lp12, You have checked everything I can think of concerning user access. The new site collection should absolutely not allow all users access if the things you checked are correct. I am now stymied as to why all users can still access the site. It makes no sense. If 1) the users are not allowed access via Policy for Web Application 2) they are not added as members to any SharePoint group in the site collection 3) they are not site collection administrators 4) no anonymous access is enabled at any level (IIS Web Site, Web Application, or site collection) It makes no sense. I have more problems trying to teach people to overcome the fact that the people they assumed would have access, didn't. Not the other way around. I am sorry, but now I am stumped. Maybe, and this may not be doable for you, I would consider creating a new web application, seting up a site collection (add absolutely no users except the site collection administrator (namely you for this example)), and seeing if the users can access that. I'm running out of options. -callahan "Lp12" <Lp12@discussions.microsoft.com> wrote in message news:756EFCF0-F2CE-48FA-B883-576DE0896824@microsoft.com... > Hi Callahan, > I really appreciate your kind help, > Here are some results of the sections you suggested: > 1) I've created a new site collection with one user only as a site > collection administrator. I haven't added any other users. > Result - All users can access this site. > > 2) I've double checked the above new site collection in the Central > Administration > Application Management > Site Collection Owners > > <SiteCollection Name> and only the user I added upon creation, appeared > there. (no authenticated users group was found) > > 3)In Policy for Web Applications only me and another applicative user > (called sharepoint-admin) have full control. other users in the list are: > NT > AUTHORITY\LOCAL SERVICE, NT AUTHORITY\network, NT AUTHORITY\system - All > have > full control. > 4) In IIS > Websites > Sharepoint - 80 > Properties > Directory Security > > Authentication and access control > Enable anonymous access is CLEAR. > Actually I've done the same to all web sites in IIS. > > Again THANK YOU. > > "Callahan" wrote: > >> Well, there can really be only a few logical reasons why all users can >> access all of a site collection. These things can, of course be tested >> by >> either checking to see who is added to these groups, and by testing what >> permissions those users have/what they can do: >> >> 1) all Authenticated Users has been added to a SharePoint group on the >> site. >> You will need to check each group and see if Authenticated Users has been >> added. What they can and cannot do on the sites will clearly show you >> what >> SharePoint group they are in. >> >> ((If Authenticated Users is a member of a group, it's easy to remove >> them/it. The users who were once given access because Authenticated >> Users >> was a part of a SharePoint group will now be denied access (even if their >> user information is still under All People).)) >> >> 2) all Authenticated Users have been made site collection administrators. >> Again, you can check to see who is a site administrator, and see if >> Authenticated Users has been added. Also again, it's a dead giveaway if >> all >> users also have administrative rights to the site collection. >> >> 4) In Policy for Web Applications, someone could have given Authenticated >> Users the right to access all site collections within the web >> application. >> This could also add users to a site collection without actually being >> able >> to see that they have an account there-- it supercedes the site >> collection's >> All People list. >> >> This is going to take legwork on your part to figure out how those users >> were all given access. It generally doesn't happen by accident. Are you >> absolutely certain, without a doubt, that anonymous access has not been >> enabled on the web application/site collection? That's the easiest, >> least >> click way to simply let everyone in. >> >> -callahan >> "Lp12" <Lp12@discussions.microsoft.com> wrote in message >> news:B55BA660-B4B7-4C95-8F4C-17ED4C34FDC7@microsoft.com... >> > Sorry Callahan for the miscommunication. >> > The problem is that all users can access all site collections what so >> > ever. >> > I deleted the AD distribution list that I've added in the past but >> > still >> > same results. All users can still access. I've tried disabling the >> > Guest >> > user >> > (I_USR_SERVERNAME) but still same same. >> > I'm lost here.....and it's a production environment. >> > Thanks again for everything >> > >> > >> > "Callahan" wrote: >> > >> >> I am a little confused by what you are asking. Are you asking how to >> >> add Authenticated Users to a SharePoint Group? I thought you were >> >> having >> >> a >> >> problem with user accounts that were added to WSS, probably by AD >> >> security >> >> group, and wanted confirmation concerning the fact that user accounts >> >> don't >> >> show in in User Info (or under All People) unless that user logs into >> >> WSS. >> >> Otherwise it isn't obvious that they're a member until they log in. >> >> Also, I >> >> thought we'd established that you *already* have all authenticated >> >> users >> >> accessing your WSS site collection. >> >> >> >> But at this point, I think you are asking me if there is a drag and >> >> drop >> >> component between Active Directory Users and Computers console and >> >> WSS's >> >> Add >> >> Users page? If you are then the answer is a very definitive NO. >> >> >> >> When adding users to a SharePoint group, there is an option to add all >> >> authenticated users in the Add Users section of the Add Users page. >> >> It's >> >> there that you can add all Authenticated Users to a SharePoint group. >> >> There is no drag and drop interface between the ADUC and WSS by >> >> default. >> >> >> >> I am not sure if I've answered your question, but I hope this helped. >> >> >> >> -callahan >> >> >> >> "Lp12" <Lp12@discussions.microsoft.com> wrote in message >> >> news:ECD4ECFB-A07A-442D-BD72-A52BC1D55BC7@microsoft.com... >> >> > Thanks a lot Callahan for all you help. >> >> > I see the Authenticated-users on the Server: My computer right >> >> > click>Manage>users and groups > Group called users. Should I drop it >> >> > from >> >> > that group or is it the way that AD and the WSS server should be >> >> > connected? >> >> > >> >> > There is no anonymous access configured ( the Enable anonymous >> >> > access >> >> > is >> >> > not >> >> > checked). >> >> > >> >> > Thanks again >> >> > >> >> > "Callahan" wrote: >> >> > >> >> >> Lp12, >> >> >> >> >> >> If all users *can* enter all sites in the collection, chances are >> >> >> that >> >> >> all >> >> >> authenticated users were selected to be added as members of that >> >> >> collection. >> >> >> As Authenticated Users is an AD security group, those users would >> >> >> be >> >> >> able >> >> >> to >> >> >> log in to the site collection as part of that group, and not have >> >> >> their >> >> >> individual user information show up until they first log in. >> >> >> >> >> >> Under normal circumstances, all users *cannot* enter any site >> >> >> collections >> >> >> unless you give them specific permission to do so by adding them as >> >> >> members >> >> >> (either individually or as part of a AD security group). >> >> >> >> >> >> Did you check to see if the account you were particularly having >> >> >> problems >> >> >> with was a site collection administrator or member of a AD security >> >> >> group >> >> >> that had been added? >> >> >> >> >> >> Also, and this isn't something done by accident, you didn't happen >> >> >> to >> >> >> allow >> >> >> anonymous access? That would also appear as if all users can have >> >> >> access, >> >> >> without their accounts showing in People and Groups. >> >> >> >> >> >> -callahan >> >> >> "Lp12" <Lp12@discussions.microsoft.com> wrote in message >> >> >> news 62A32C3-5F3A-4890-B432-2B63ED7164A0@microsoft.com...>> >> >> > Thanks Mike but it's amazing..... All users can enter all sites >> >> >> > collection?! >> >> >> > Where to start? >> >> >> > >> >> >> > "Mike Walsh" wrote: >> >> >> > >> >> >> >> If this was WSS 2.0 I'd jump in with the usual "member of the >> >> >> >> local >> >> >> >> Administrators group" >> >> >> >> >> >> >> >> Here in WSS 3.0 it *could* (unlikely) be that this user is one >> >> >> >> of >> >> >> >> the >> >> >> >> two specified administrators of the site collection (or is that >> >> >> >> of >> >> >> >> the >> >> >> >> web application - I can never remember). >> >> >> >> >> >> >> >> Mike Walsh >> >> >> >> >> >> >> >> Lp12 wrote: >> >> >> >> > Thanks a lot guys. >> >> >> >> > I've added a group (department group) to one site collection >> >> >> >> > but >> >> >> >> > the >> >> >> >> > user >> >> >> >> > that i've tested is not a part of that group. >> >> >> >> > Any thoughts? >> >> >> >> > >> >> >> >> > "Callahan" wrote: >> >> >> >> > >> >> >> >> >> Oh yeah. Forgot about that. ; P >> >> >> >> >> >> >> >> >> >> Not my favorite setting (not enough control for my liking), >> >> >> >> >> but >> >> >> >> >> it >> >> >> >> >> does >> >> >> >> >> essentially the same thing. >> >> >> >> >> >> >> >> >> >> -callahan >> >> >> >> >> "Mike Walsh" <englantilainen@hotmail.com> wrote in message >> >> >> >> >> news:eo7uFuSDJHA.4588@TK2MSFTNGP06.phx.gbl... >> >> >> >> >>> It could also be that "All authorised users" have been given >> >> >> >> >>> rights >> >> >> >> >>> to >> >> >> >> >>> access the site. >> >> >> >> >>> >> >> >> >> >>> >> >> >> >> >>> Mike Walsh >> >> >> >> >>> WSS FAQ http://www.wssfaq.com / http://wss.collutions.com >> >> >> >> >>> no questions by e-mail please >> >> >> >> >>> >> >> >> >> >>> >> >> >> >> >>> >> >> >> >> >>> Callahan wrote: >> >> >> >> >>>> That can happen (if I am reading your post correctly) when >> >> >> >> >>>> you >> >> >> >> >>>> add >> >> >> >> >>>> an AD >> >> >> >> >>>> security group to the site instead of the individual users. >> >> >> >> >>>> >> >> >> >> >>>> If the users are members of the security group in AD, they >> >> >> >> >>>> can >> >> >> >> >>>> access the >> >> >> >> >>>> site without explicitly having a user account there yet. >> >> >> >> >>>> After >> >> >> >> >>>> they >> >> >> >> >>>> log >> >> >> >> >>>> in, they'll get their own user information, populated with >> >> >> >> >>>> the >> >> >> >> >>>> data >> >> >> >> >>>> from >> >> >> >> >>>> the AD account. But before they log in for the first time, >> >> >> >> >>>> they >> >> >> >> >>>> have no >> >> >> >> >>>> obvious account there, and from WSS's point of view, they >> >> >> >> >>>> don't >> >> >> >> >>>> exist as >> >> >> >> >>>> individual members. >> >> >> >> >>>> >> >> >> >> >>>> -callahan >> >> >> >> >>>> "Lp12" <Lp12@discussions.microsoft.com> wrote in message >> >> >> >> >>>> news:2B790F77-F6E7-45AB-906C-141CE6CC67D9@microsoft.com... >> >> >> >> >>>>> Hi All, >> >> >> >> >>>>> I just see an amazing issue that users that aren't popuate >> >> >> >> >>>>> in >> >> >> >> >>>>> a >> >> >> >> >>>>> site >> >> >> >> >>>>> (people >> >> >> >> >>>>> and groups) can access the site!!. >> >> >> >> >>>>> What could be wrong? >> >> >> >> >>>>> Thanks a lot in advance >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> |
 |
« Previous Thread
|
Next Thread »
| Thread Tools | |
| Display Modes | |
Linear Mode
All times are GMT -5. The time now is 04:34 PM.
