[WSS 3] User access

Hi All,
I just see an amazing issue that users that aren't popuate in a site (people
and groups) can access the site!!.
What could be wrong?
Thanks a lot in advance

That can happen (if I am reading your post correctly) when you add an AD
security group to the site instead of the individual users.

If the users are members of the security group in AD, they can access the
site without explicitly having a user account there yet. After they log in,
they'll get their own user information, populated with the data from the AD
account. But before they log in for the first time, they have no obvious
account there, and from WSS's point of view, they don't exist as individual
members.

-callahan
"Lp12" <Lp12@discussions.microsoft.com> wrote in message
news:2B790F77-F6E7-45AB-906C-141CE6CC67D9@microsoft.com...
> Hi All,
> I just see an amazing issue that users that aren't popuate in a site
> (people
> and groups) can access the site!!.
> What could be wrong?
> Thanks a lot in advance

It could also be that "All authorised users" have been given rights to
access the site.


Mike Walsh
WSS FAQ http://www.wssfaq.com / http://wss.collutions.com
no questions by e-mail please



Callahan wrote:
> That can happen (if I am reading your post correctly) when you add an AD
> security group to the site instead of the individual users.
>
> If the users are members of the security group in AD, they can access the
> site without explicitly having a user account there yet. After they log in,
> they'll get their own user information, populated with the data from the AD
> account. But before they log in for the first time, they have no obvious
> account there, and from WSS's point of view, they don't exist as individual
> members.
>
> -callahan
> "Lp12" <Lp12@discussions.microsoft.com> wrote in message
> news:2B790F77-F6E7-45AB-906C-141CE6CC67D9@microsoft.com...
>> Hi All,
>> I just see an amazing issue that users that aren't popuate in a site
>> (people
>> and groups) can access the site!!.
>> What could be wrong?
>> Thanks a lot in advance
>
>

Oh yeah. Forgot about that. ; P

Not my favorite setting (not enough control for my liking), but it does
essentially the same thing.

-callahan
"Mike Walsh" <englantilainen@hotmail.com> wrote in message
news:eo7uFuSDJHA.4588@TK2MSFTNGP06.phx.gbl...
> It could also be that "All authorised users" have been given rights to
> access the site.
>
>
> Mike Walsh
> WSS FAQ http://www.wssfaq.com / http://wss.collutions.com
> no questions by e-mail please
>
>
>
> Callahan wrote:
>> That can happen (if I am reading your post correctly) when you add an AD
>> security group to the site instead of the individual users.
>>
>> If the users are members of the security group in AD, they can access the
>> site without explicitly having a user account there yet. After they log
>> in, they'll get their own user information, populated with the data from
>> the AD account. But before they log in for the first time, they have no
>> obvious account there, and from WSS's point of view, they don't exist as
>> individual members.
>>
>> -callahan
>> "Lp12" <Lp12@discussions.microsoft.com> wrote in message
>> news:2B790F77-F6E7-45AB-906C-141CE6CC67D9@microsoft.com...
>>> Hi All,
>>> I just see an amazing issue that users that aren't popuate in a site
>>> (people
>>> and groups) can access the site!!.
>>> What could be wrong?
>>> Thanks a lot in advance
>>

Thanks a lot guys.
I've added a group (department group) to one site collection but the user
that i've tested is not a part of that group.
Any thoughts?

"Callahan" wrote:

> Oh yeah. Forgot about that. ; P
>
> Not my favorite setting (not enough control for my liking), but it does
> essentially the same thing.
>
> -callahan
> "Mike Walsh" <englantilainen@hotmail.com> wrote in message
> news:eo7uFuSDJHA.4588@TK2MSFTNGP06.phx.gbl...
> > It could also be that "All authorised users" have been given rights to
> > access the site.
> >
> >
> > Mike Walsh
> > WSS FAQ http://www.wssfaq.com / http://wss.collutions.com
> > no questions by e-mail please
> >
> >
> >
> > Callahan wrote:
> >> That can happen (if I am reading your post correctly) when you add an AD
> >> security group to the site instead of the individual users.
> >>
> >> If the users are members of the security group in AD, they can access the
> >> site without explicitly having a user account there yet. After they log
> >> in, they'll get their own user information, populated with the data from
> >> the AD account. But before they log in for the first time, they have no
> >> obvious account there, and from WSS's point of view, they don't exist as
> >> individual members.
> >>
> >> -callahan
> >> "Lp12" <Lp12@discussions.microsoft.com> wrote in message
> >> news:2B790F77-F6E7-45AB-906C-141CE6CC67D9@microsoft.com...
> >>> Hi All,
> >>> I just see an amazing issue that users that aren't popuate in a site
> >>> (people
> >>> and groups) can access the site!!.
> >>> What could be wrong?
> >>> Thanks a lot in advance
> >>
>
>

If this was WSS 2.0 I'd jump in with the usual "member of the local
Administrators group"

Here in WSS 3.0 it *could* (unlikely) be that this user is one of the
two specified administrators of the site collection (or is that of the
web application - I can never remember).

Mike Walsh

Lp12 wrote:
> Thanks a lot guys.
> I've added a group (department group) to one site collection but the user
> that i've tested is not a part of that group.
> Any thoughts?
>
> "Callahan" wrote:
>
>> Oh yeah. Forgot about that. ; P
>>
>> Not my favorite setting (not enough control for my liking), but it does
>> essentially the same thing.
>>
>> -callahan
>> "Mike Walsh" <englantilainen@hotmail.com> wrote in message
>> news:eo7uFuSDJHA.4588@TK2MSFTNGP06.phx.gbl...
>>> It could also be that "All authorised users" have been given rights to
>>> access the site.
>>>
>>>
>>> Mike Walsh
>>> WSS FAQ http://www.wssfaq.com / http://wss.collutions.com
>>> no questions by e-mail please
>>>
>>>
>>>
>>> Callahan wrote:
>>>> That can happen (if I am reading your post correctly) when you add an AD
>>>> security group to the site instead of the individual users.
>>>>
>>>> If the users are members of the security group in AD, they can access the
>>>> site without explicitly having a user account there yet. After they log
>>>> in, they'll get their own user information, populated with the data from
>>>> the AD account. But before they log in for the first time, they have no
>>>> obvious account there, and from WSS's point of view, they don't exist as
>>>> individual members.
>>>>
>>>> -callahan
>>>> "Lp12" <Lp12@discussions.microsoft.com> wrote in message
>>>> news:2B790F77-F6E7-45AB-906C-141CE6CC67D9@microsoft.com...
>>>>> Hi All,
>>>>> I just see an amazing issue that users that aren't popuate in a site
>>>>> (people
>>>>> and groups) can access the site!!.
>>>>> What could be wrong?
>>>>> Thanks a lot in advance
>>

Thanks Mike but it's amazing..... All users can enter all sites collection?!
Where to start?

"Mike Walsh" wrote:

> If this was WSS 2.0 I'd jump in with the usual "member of the local
> Administrators group"
>
> Here in WSS 3.0 it *could* (unlikely) be that this user is one of the
> two specified administrators of the site collection (or is that of the
> web application - I can never remember).
>
> Mike Walsh
>
> Lp12 wrote:
> > Thanks a lot guys.
> > I've added a group (department group) to one site collection but the user
> > that i've tested is not a part of that group.
> > Any thoughts?
> >
> > "Callahan" wrote:
> >
> >> Oh yeah. Forgot about that. ; P
> >>
> >> Not my favorite setting (not enough control for my liking), but it does
> >> essentially the same thing.
> >>
> >> -callahan
> >> "Mike Walsh" <englantilainen@hotmail.com> wrote in message
> >> news:eo7uFuSDJHA.4588@TK2MSFTNGP06.phx.gbl...
> >>> It could also be that "All authorised users" have been given rights to
> >>> access the site.
> >>>
> >>>
> >>> Mike Walsh
> >>> WSS FAQ http://www.wssfaq.com / http://wss.collutions.com
> >>> no questions by e-mail please
> >>>
> >>>
> >>>
> >>> Callahan wrote:
> >>>> That can happen (if I am reading your post correctly) when you add an AD
> >>>> security group to the site instead of the individual users.
> >>>>
> >>>> If the users are members of the security group in AD, they can access the
> >>>> site without explicitly having a user account there yet. After they log
> >>>> in, they'll get their own user information, populated with the data from
> >>>> the AD account. But before they log in for the first time, they have no
> >>>> obvious account there, and from WSS's point of view, they don't exist as
> >>>> individual members.
> >>>>
> >>>> -callahan
> >>>> "Lp12" <Lp12@discussions.microsoft.com> wrote in message
> >>>> news:2B790F77-F6E7-45AB-906C-141CE6CC67D9@microsoft.com...
> >>>>> Hi All,
> >>>>> I just see an amazing issue that users that aren't popuate in a site
> >>>>> (people
> >>>>> and groups) can access the site!!.
> >>>>> What could be wrong?
> >>>>> Thanks a lot in advance
> >>
>

Lp12,

If all users *can* enter all sites in the collection, chances are that all
authenticated users were selected to be added as members of that collection.
As Authenticated Users is an AD security group, those users would be able to
log in to the site collection as part of that group, and not have their
individual user information show up until they first log in.

Under normal circumstances, all users *cannot* enter any site collections
unless you give them specific permission to do so by adding them as members
(either individually or as part of a AD security group).

Did you check to see if the account you were particularly having problems
with was a site collection administrator or member of a AD security group
that had been added?

Also, and this isn't something done by accident, you didn't happen to allow
anonymous access? That would also appear as if all users can have access,
without their accounts showing in People and Groups.

-callahan
"Lp12" <Lp12@discussions.microsoft.com> wrote in message
news62A32C3-5F3A-4890-B432-2B63ED7164A0@microsoft.com...
> Thanks Mike but it's amazing..... All users can enter all sites
> collection?!
> Where to start?
>
> "Mike Walsh" wrote:
>
>> If this was WSS 2.0 I'd jump in with the usual "member of the local
>> Administrators group"
>>
>> Here in WSS 3.0 it *could* (unlikely) be that this user is one of the
>> two specified administrators of the site collection (or is that of the
>> web application - I can never remember).
>>
>> Mike Walsh
>>
>> Lp12 wrote:
>> > Thanks a lot guys.
>> > I've added a group (department group) to one site collection but the
>> > user
>> > that i've tested is not a part of that group.
>> > Any thoughts?
>> >
>> > "Callahan" wrote:
>> >
>> >> Oh yeah. Forgot about that. ; P
>> >>
>> >> Not my favorite setting (not enough control for my liking), but it
>> >> does
>> >> essentially the same thing.
>> >>
>> >> -callahan
>> >> "Mike Walsh" <englantilainen@hotmail.com> wrote in message
>> >> news:eo7uFuSDJHA.4588@TK2MSFTNGP06.phx.gbl...
>> >>> It could also be that "All authorised users" have been given rights
>> >>> to
>> >>> access the site.
>> >>>
>> >>>
>> >>> Mike Walsh
>> >>> WSS FAQ http://www.wssfaq.com / http://wss.collutions.com
>> >>> no questions by e-mail please
>> >>>
>> >>>
>> >>>
>> >>> Callahan wrote:
>> >>>> That can happen (if I am reading your post correctly) when you add
>> >>>> an AD
>> >>>> security group to the site instead of the individual users.
>> >>>>
>> >>>> If the users are members of the security group in AD, they can
>> >>>> access the
>> >>>> site without explicitly having a user account there yet. After they
>> >>>> log
>> >>>> in, they'll get their own user information, populated with the data
>> >>>> from
>> >>>> the AD account. But before they log in for the first time, they
>> >>>> have no
>> >>>> obvious account there, and from WSS's point of view, they don't
>> >>>> exist as
>> >>>> individual members.
>> >>>>
>> >>>> -callahan
>> >>>> "Lp12" <Lp12@discussions.microsoft.com> wrote in message
>> >>>> news:2B790F77-F6E7-45AB-906C-141CE6CC67D9@microsoft.com...
>> >>>>> Hi All,
>> >>>>> I just see an amazing issue that users that aren't popuate in a
>> >>>>> site
>> >>>>> (people
>> >>>>> and groups) can access the site!!.
>> >>>>> What could be wrong?
>> >>>>> Thanks a lot in advance
>> >>
>>

Thanks a lot Callahan for all you help.
I see the Authenticated-users on the Server: My computer right
click>Manage>users and groups > Group called users. Should I drop it from
that group or is it the way that AD and the WSS server should be connected?

There is no anonymous access configured ( the Enable anonymous access is not
checked).

Thanks again

"Callahan" wrote:

> Lp12,
>
> If all users *can* enter all sites in the collection, chances are that all
> authenticated users were selected to be added as members of that collection.
> As Authenticated Users is an AD security group, those users would be able to
> log in to the site collection as part of that group, and not have their
> individual user information show up until they first log in.
>
> Under normal circumstances, all users *cannot* enter any site collections
> unless you give them specific permission to do so by adding them as members
> (either individually or as part of a AD security group).
>
> Did you check to see if the account you were particularly having problems
> with was a site collection administrator or member of a AD security group
> that had been added?
>
> Also, and this isn't something done by accident, you didn't happen to allow
> anonymous access? That would also appear as if all users can have access,
> without their accounts showing in People and Groups.
>
> -callahan
> "Lp12" <Lp12@discussions.microsoft.com> wrote in message
> news62A32C3-5F3A-4890-B432-2B63ED7164A0@microsoft.com...
> > Thanks Mike but it's amazing..... All users can enter all sites
> > collection?!
> > Where to start?
> >
> > "Mike Walsh" wrote:
> >
> >> If this was WSS 2.0 I'd jump in with the usual "member of the local
> >> Administrators group"
> >>
> >> Here in WSS 3.0 it *could* (unlikely) be that this user is one of the
> >> two specified administrators of the site collection (or is that of the
> >> web application - I can never remember).
> >>
> >> Mike Walsh
> >>
> >> Lp12 wrote:
> >> > Thanks a lot guys.
> >> > I've added a group (department group) to one site collection but the
> >> > user
> >> > that i've tested is not a part of that group.
> >> > Any thoughts?
> >> >
> >> > "Callahan" wrote:
> >> >
> >> >> Oh yeah. Forgot about that. ; P
> >> >>
> >> >> Not my favorite setting (not enough control for my liking), but it
> >> >> does
> >> >> essentially the same thing.
> >> >>
> >> >> -callahan
> >> >> "Mike Walsh" <englantilainen@hotmail.com> wrote in message
> >> >> news:eo7uFuSDJHA.4588@TK2MSFTNGP06.phx.gbl...
> >> >>> It could also be that "All authorised users" have been given rights
> >> >>> to
> >> >>> access the site.
> >> >>>
> >> >>>
> >> >>> Mike Walsh
> >> >>> WSS FAQ http://www.wssfaq.com / http://wss.collutions.com
> >> >>> no questions by e-mail please
> >> >>>
> >> >>>
> >> >>>
> >> >>> Callahan wrote:
> >> >>>> That can happen (if I am reading your post correctly) when you add
> >> >>>> an AD
> >> >>>> security group to the site instead of the individual users.
> >> >>>>
> >> >>>> If the users are members of the security group in AD, they can
> >> >>>> access the
> >> >>>> site without explicitly having a user account there yet. After they
> >> >>>> log
> >> >>>> in, they'll get their own user information, populated with the data
> >> >>>> from
> >> >>>> the AD account. But before they log in for the first time, they
> >> >>>> have no
> >> >>>> obvious account there, and from WSS's point of view, they don't
> >> >>>> exist as
> >> >>>> individual members.
> >> >>>>
> >> >>>> -callahan
> >> >>>> "Lp12" <Lp12@discussions.microsoft.com> wrote in message
> >> >>>> news:2B790F77-F6E7-45AB-906C-141CE6CC67D9@microsoft.com...
> >> >>>>> Hi All,
> >> >>>>> I just see an amazing issue that users that aren't popuate in a
> >> >>>>> site
> >> >>>>> (people
> >> >>>>> and groups) can access the site!!.
> >> >>>>> What could be wrong?
> >> >>>>> Thanks a lot in advance
> >> >>
> >>
>
>
>

I am a little confused by what you are asking. Are you asking how to
add Authenticated Users to a SharePoint Group? I thought you were having a
problem with user accounts that were added to WSS, probably by AD security
group, and wanted confirmation concerning the fact that user accounts don't
show in in User Info (or under All People) unless that user logs into WSS.
Otherwise it isn't obvious that they're a member until they log in. Also, I
thought we'd established that you *already* have all authenticated users
accessing your WSS site collection.

But at this point, I think you are asking me if there is a drag and drop
component between Active Directory Users and Computers console and WSS's Add
Users page? If you are then the answer is a very definitive NO.

When adding users to a SharePoint group, there is an option to add all
authenticated users in the Add Users section of the Add Users page. It's
there that you can add all Authenticated Users to a SharePoint group.
There is no drag and drop interface between the ADUC and WSS by default.

I am not sure if I've answered your question, but I hope this helped.

-callahan

"Lp12" <Lp12@discussions.microsoft.com> wrote in message
news:ECD4ECFB-A07A-442D-BD72-A52BC1D55BC7@microsoft.com...
> Thanks a lot Callahan for all you help.
> I see the Authenticated-users on the Server: My computer right
> click>Manage>users and groups > Group called users. Should I drop it from
> that group or is it the way that AD and the WSS server should be
> connected?
>
> There is no anonymous access configured ( the Enable anonymous access is
> not
> checked).
>
> Thanks again
>
> "Callahan" wrote:
>
>> Lp12,
>>
>> If all users *can* enter all sites in the collection, chances are that
>> all
>> authenticated users were selected to be added as members of that
>> collection.
>> As Authenticated Users is an AD security group, those users would be able
>> to
>> log in to the site collection as part of that group, and not have their
>> individual user information show up until they first log in.
>>
>> Under normal circumstances, all users *cannot* enter any site collections
>> unless you give them specific permission to do so by adding them as
>> members
>> (either individually or as part of a AD security group).
>>
>> Did you check to see if the account you were particularly having problems
>> with was a site collection administrator or member of a AD security group
>> that had been added?
>>
>> Also, and this isn't something done by accident, you didn't happen to
>> allow
>> anonymous access? That would also appear as if all users can have
>> access,
>> without their accounts showing in People and Groups.
>>
>> -callahan
>> "Lp12" <Lp12@discussions.microsoft.com> wrote in message
>> news62A32C3-5F3A-4890-B432-2B63ED7164A0@microsoft.com...
>> > Thanks Mike but it's amazing..... All users can enter all sites
>> > collection?!
>> > Where to start?
>> >
>> > "Mike Walsh" wrote:
>> >
>> >> If this was WSS 2.0 I'd jump in with the usual "member of the local
>> >> Administrators group"
>> >>
>> >> Here in WSS 3.0 it *could* (unlikely) be that this user is one of the
>> >> two specified administrators of the site collection (or is that of the
>> >> web application - I can never remember).
>> >>
>> >> Mike Walsh
>> >>
>> >> Lp12 wrote:
>> >> > Thanks a lot guys.
>> >> > I've added a group (department group) to one site collection but the
>> >> > user
>> >> > that i've tested is not a part of that group.
>> >> > Any thoughts?
>> >> >
>> >> > "Callahan" wrote:
>> >> >
>> >> >> Oh yeah. Forgot about that. ; P
>> >> >>
>> >> >> Not my favorite setting (not enough control for my liking), but it
>> >> >> does
>> >> >> essentially the same thing.
>> >> >>
>> >> >> -callahan
>> >> >> "Mike Walsh" <englantilainen@hotmail.com> wrote in message
>> >> >> news:eo7uFuSDJHA.4588@TK2MSFTNGP06.phx.gbl...
>> >> >>> It could also be that "All authorised users" have been given
>> >> >>> rights
>> >> >>> to
>> >> >>> access the site.
>> >> >>>
>> >> >>>
>> >> >>> Mike Walsh
>> >> >>> WSS FAQ http://www.wssfaq.com / http://wss.collutions.com
>> >> >>> no questions by e-mail please
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> Callahan wrote:
>> >> >>>> That can happen (if I am reading your post correctly) when you
>> >> >>>> add
>> >> >>>> an AD
>> >> >>>> security group to the site instead of the individual users.
>> >> >>>>
>> >> >>>> If the users are members of the security group in AD, they can
>> >> >>>> access the
>> >> >>>> site without explicitly having a user account there yet. After
>> >> >>>> they
>> >> >>>> log
>> >> >>>> in, they'll get their own user information, populated with the
>> >> >>>> data
>> >> >>>> from
>> >> >>>> the AD account. But before they log in for the first time, they
>> >> >>>> have no
>> >> >>>> obvious account there, and from WSS's point of view, they don't
>> >> >>>> exist as
>> >> >>>> individual members.
>> >> >>>>
>> >> >>>> -callahan
>> >> >>>> "Lp12" <Lp12@discussions.microsoft.com> wrote in message
>> >> >>>> news:2B790F77-F6E7-45AB-906C-141CE6CC67D9@microsoft.com...
>> >> >>>>> Hi All,
>> >> >>>>> I just see an amazing issue that users that aren't popuate in a
>> >> >>>>> site
>> >> >>>>> (people
>> >> >>>>> and groups) can access the site!!.
>> >> >>>>> What could be wrong?
>> >> >>>>> Thanks a lot in advance
>> >> >>
>> >>
>>
>>
>>