mapping to users home directory

[scmiles]

I am trying to write an asp or aspx page that will create
a virtual ftp directory to the users Active Directory
home directory. That way a user can interact (drag/drop,
copy/paste) via IE with folder view for ftp sites.

I have some code, that seems to be "flaky" it works for
me and some others, but not everyone. I really need to
get a stable version. My asp code is below. Having it
in ASP is fine, but it would be a bonus to have a solid
ASPX (ASP.net) solution.

There is one issue I have ran into that is pretty
annoying, and I am not sure if it can be fixed or not and
that is the security of the virtual directory and file.
I would prefer that when the user is at work on the
network and logged in with their AD account that they
would not be challenged to authenticate, but I could not
get the "request.ServerVariables("AUTH_PASSWORD")" method
to work unless Basic Authentication is used, requiring
the user to login. I do not know if this can be avoided
in ASP.net, but if I can use an aspx page that can get
the password without having to decrypt or whatever that
would be ideal. Anyway, here is the code I have:
----------------------------------------------------------
-------------------------
<%

strFullUserName = request.ServerVariables("AUTH_USER")
strUserPass = request.ServerVariables("AUTH_PASSWORD")
strWebServer = request.ServerVariables("SERVER_NAME")
strWebServerIP = request.ServerVariables("LOCAL_ADDR")

'Split domain and username

strUserDomain = strFullUserName
strUserDomain = Mid (strFullUserName, 1, Instr
(strFullUserName, "\")-1)
strUserDomainLength = len(strUserDomain)
strFullUserNameLength = Len(strFullUserName)
strUserName = Right (strFullUserName,
strFullUserNameLength - strUserDomainLength -1)

Set objUser = GetObject("WinNT://" & strUserDomain & "/"
& strUserName, user)
strUserHome = objUser.homeDirectory

strVD = "ftp://" & strWebServer & "/"


On Error Resume Next

Set IISOBJ = GetObject
("IIS://Localhost/MSFTPSVC/1/Root")
Set NewDir = IISOBJ.Create("IIsFtpVirtualDir",
strUserName)

Error.Number = 0


NewDir.Path = strUserHome
NewDir.AccessRead = True
NewDir.AccessWrite = True
NewDir.UNCUserName = strfullUserName
NewDir.UNCPassword = strUserPass
NewDir.SetInfo
Set NewDir=Nothing
Set IISObJ=Nothing
Response.Redirect( "ftp://testportal" )
'response.write ("Your P Drive Was Mapped
Successfully!"& "<a href=""ftp://testportal/"">Click
Here</a><br>")

%>

[Aaron Bertrand - MVP]

Connecting to LDAP, IIS, etc. is not going to work for authenticated users
that are 'peons'... they must be members of certain privilege groups in
order to create an IIS application; for example, guests and domain users do
not have this privilege.

So, this isn't necessarily that you have flaky code, but that you expect any
user to be able to create your objects. A possible alternative would be to
store the data or set some flag in a database, and have a VBS script that
runs as you or as Administrator, wake up every minute and see if there is a
user to add; if so, create the stuff. The VBS script would then run as a
user with enough privileges to create everything you want to create here.
Of course there would sometimes be a lag of up to a minute, between the time
the user entered the data via the ASP page, and when the directory was
actually created and available for use.

A




"scmiles" <scmiles@nospam-dmacc.edu> wrote in message
news:0a9601c39283$c4ab5640$a001280a@phx.gbl...

> I am trying to write an asp or aspx page that will create
> a virtual ftp directory to the users Active Directory
> home directory. That way a user can interact (drag/drop,
> copy/paste) via IE with folder view for ftp sites.
>
> I have some code, that seems to be "flaky" it works for
> me and some others, but not everyone. I really need to
> get a stable version. My asp code is below. Having it
> in ASP is fine, but it would be a bonus to have a solid
> ASPX (ASP.net) solution.
>
> There is one issue I have ran into that is pretty
> annoying, and I am not sure if it can be fixed or not and
> that is the security of the virtual directory and file.
> I would prefer that when the user is at work on the
> network and logged in with their AD account that they
> would not be challenged to authenticate, but I could not
> get the "request.ServerVariables("AUTH_PASSWORD")" method
> to work unless Basic Authentication is used, requiring
> the user to login. I do not know if this can be avoided
> in ASP.net, but if I can use an aspx page that can get
> the password without having to decrypt or whatever that
> would be ideal. Anyway, here is the code I have:
> ----------------------------------------------------------
> -------------------------
> <%
>
> strFullUserName = request.ServerVariables("AUTH_USER")
> strUserPass = request.ServerVariables("AUTH_PASSWORD")
> strWebServer = request.ServerVariables("SERVER_NAME")
> strWebServerIP = request.ServerVariables("LOCAL_ADDR")
>
> 'Split domain and username
>
> strUserDomain = strFullUserName
> strUserDomain = Mid (strFullUserName, 1, Instr
> (strFullUserName, "\")-1)
> strUserDomainLength = len(strUserDomain)
> strFullUserNameLength = Len(strFullUserName)
> strUserName = Right (strFullUserName,
> strFullUserNameLength - strUserDomainLength -1)
>
> Set objUser = GetObject("WinNT://" & strUserDomain & "/"
> & strUserName, user)
> strUserHome = objUser.homeDirectory
>
> strVD = "ftp://" & strWebServer & "/"
>
>
> On Error Resume Next
>
> Set IISOBJ = GetObject
> ("IIS://Localhost/MSFTPSVC/1/Root")
> Set NewDir = IISOBJ.Create("IIsFtpVirtualDir",
> strUserName)
>
> Error.Number = 0
>
>
> NewDir.Path = strUserHome
> NewDir.AccessRead = True
> NewDir.AccessWrite = True
> NewDir.UNCUserName = strfullUserName
> NewDir.UNCPassword = strUserPass
> NewDir.SetInfo
> Set NewDir=Nothing
> Set IISObJ=Nothing
> Response.Redirect( "ftp://testportal" )
> 'response.write ("Your P Drive Was Mapped
> Successfully!"& "<a href=""ftp://testportal/"">Click
> Here</a><br>")
>
> %>

[Phillip Windell]

An FTP site?? FTP Servers don't do ASP.

An FTP Server will automatically dump a user into a folder if there is
a folder that matches their username. Just create a virtual folder
that is the same folder name as the username. Then point it to
whatever in the file system location you want it to be. When the user
logs in as the particular user name it will auotmatically dump them in
the right folder.

Example:

User name: JSmith

Virtual Directory: JSmith
Virtual Directory Physical Path: "C:\where\ever\the\files\are\"
Virtual Directory Logical Path: [url]ftp://servername/jsmith[/url]

When user connect to it as JSmith they are automatically dumped into
thier proper folder. It might be their "ROOT" so it may only show up
as "ftp://servername", but I don't remember for sure. Just have them
upload a file, then you go look for it and see where it ended up.


--

Phillip Windell [CCNA, MVP, MCP]
[email]pwindell@wandtv.com[/email]
WAND-TV (ABC Affiliate)
[url]www.wandtv.com[/url]

"scmiles" <scmiles@nospam-dmacc.edu> wrote in message
news:0a9601c39283$c4ab5640$a001280a@phx.gbl...

> I am trying to write an asp or aspx page that will create
> a virtual ftp directory to the users Active Directory
> home directory. That way a user can interact (drag/drop,
> copy/paste) via IE with folder view for ftp sites.
>
> I have some code, that seems to be "flaky" it works for
> me and some others, but not everyone. I really need to
> get a stable version. My asp code is below. Having it
> in ASP is fine, but it would be a bonus to have a solid
> ASPX (ASP.net) solution.
>
> There is one issue I have ran into that is pretty
> annoying, and I am not sure if it can be fixed or not and
> that is the security of the virtual directory and file.
> I would prefer that when the user is at work on the
> network and logged in with their AD account that they
> would not be challenged to authenticate, but I could not
> get the "request.ServerVariables("AUTH_PASSWORD")" method
> to work unless Basic Authentication is used, requiring
> the user to login. I do not know if this can be avoided
> in ASP.net, but if I can use an aspx page that can get
> the password without having to decrypt or whatever that
> would be ideal. Anyway, here is the code I have:
> ----------------------------------------------------------
> -------------------------
> <%
>
> strFullUserName = request.ServerVariables("AUTH_USER")
> strUserPass = request.ServerVariables("AUTH_PASSWORD")
> strWebServer = request.ServerVariables("SERVER_NAME")
> strWebServerIP = request.ServerVariables("LOCAL_ADDR")
>
> 'Split domain and username
>
> strUserDomain = strFullUserName
> strUserDomain = Mid (strFullUserName, 1, Instr
> (strFullUserName, "\")-1)
> strUserDomainLength = len(strUserDomain)
> strFullUserNameLength = Len(strFullUserName)
> strUserName = Right (strFullUserName,
> strFullUserNameLength - strUserDomainLength -1)
>
> Set objUser = GetObject("WinNT://" & strUserDomain & "/"
> & strUserName, user)
> strUserHome = objUser.homeDirectory
>
> strVD = "ftp://" & strWebServer & "/"
>
>
> On Error Resume Next
>
> Set IISOBJ = GetObject
> ("IIS://Localhost/MSFTPSVC/1/Root")
> Set NewDir = IISOBJ.Create("IIsFtpVirtualDir",
> strUserName)
>
> Error.Number = 0
>
>
> NewDir.Path = strUserHome
> NewDir.AccessRead = True
> NewDir.AccessWrite = True
> NewDir.UNCUserName = strfullUserName
> NewDir.UNCPassword = strUserPass
> NewDir.SetInfo
> Set NewDir=Nothing
> Set IISObJ=Nothing
> Response.Redirect( "ftp://testportal" )
> 'response.write ("Your P Drive Was Mapped
> Successfully!"& "<a href=""ftp://testportal/"">Click
> Here</a><br>")
>
> %>

[scmiles]

For testing purposes, the Everyone group has permissions
to the create the VD they need in the metabase.

>-----Original Message-----
>Connecting to LDAP, IIS, etc. is not going to work for

authenticated users

>that are 'peons'... they must be members of certain

privilege groups in

>order to create an IIS application; for example, guests

and domain users do

>not have this privilege.
>
>So, this isn't necessarily that you have flaky code, but

that you expect any

>user to be able to create your objects. A possible

alternative would be to

>store the data or set some flag in a database, and have

a VBS script that

>runs as you or as Administrator, wake up every minute

and see if there is a

>user to add; if so, create the stuff. The VBS script

would then run as a

>user with enough privileges to create everything you

want to create here.

>Of course there would sometimes be a lag of up to a

minute, between the time

>the user entered the data via the ASP page, and when the

directory was

>actually created and available for use.
>
>A
>
>
>
>
>"scmiles" <scmiles@nospam-dmacc.edu> wrote in message
>news:0a9601c39283$c4ab5640$a001280a@phx.gbl...

>> I am trying to write an asp or aspx page that will

create

>> a virtual ftp directory to the users Active Directory
>> home directory. That way a user can interact

(drag/drop,

>> copy/paste) via IE with folder view for ftp sites.
>>
>> I have some code, that seems to be "flaky" it works for
>> me and some others, but not everyone. I really need to
>> get a stable version. My asp code is below. Having it
>> in ASP is fine, but it would be a bonus to have a

solid

>> ASPX (ASP.net) solution.
>>
>> There is one issue I have ran into that is pretty
>> annoying, and I am not sure if it can be fixed or not

and

>> that is the security of the virtual directory and file.
>> I would prefer that when the user is at work on the
>> network and logged in with their AD account that they
>> would not be challenged to authenticate, but I could

not

>> get the "request.ServerVariables("AUTH_PASSWORD")"

method

>> to work unless Basic Authentication is used, requiring
>> the user to login. I do not know if this can be

avoided

>> in ASP.net, but if I can use an aspx page that can get
>> the password without having to decrypt or whatever that
>> would be ideal. Anyway, here is the code I have:
>> -------------------------------------------------------

---

>> -------------------------
>> <%
>>
>> strFullUserName = request.ServerVariables("AUTH_USER")
>> strUserPass = request.ServerVariables("AUTH_PASSWORD")
>> strWebServer = request.ServerVariables("SERVER_NAME")
>> strWebServerIP = request.ServerVariables("LOCAL_ADDR")
>>
>> 'Split domain and username
>>
>> strUserDomain = strFullUserName
>> strUserDomain = Mid (strFullUserName, 1, Instr
>> (strFullUserName, "\")-1)
>> strUserDomainLength = len(strUserDomain)
>> strFullUserNameLength = Len(strFullUserName)
>> strUserName = Right (strFullUserName,
>> strFullUserNameLength - strUserDomainLength -1)
>>
>> Set objUser = GetObject("WinNT://" & strUserDomain

& "/"

>> & strUserName, user)
>> strUserHome = objUser.homeDirectory
>>
>> strVD = "ftp://" & strWebServer & "/"
>>
>>
>> On Error Resume Next
>>
>> Set IISOBJ = GetObject
>> ("IIS://Localhost/MSFTPSVC/1/Root")
>> Set NewDir = IISOBJ.Create("IIsFtpVirtualDir",
>> strUserName)
>>
>> Error.Number = 0
>>
>>
>> NewDir.Path = strUserHome
>> NewDir.AccessRead = True
>> NewDir.AccessWrite = True
>> NewDir.UNCUserName = strfullUserName
>> NewDir.UNCPassword = strUserPass
>> NewDir.SetInfo
>> Set NewDir=Nothing
>> Set IISObJ=Nothing
>> Response.Redirect( "ftp://testportal" )
>> 'response.write ("Your P Drive Was Mapped
>> Successfully!"& "<a href=""ftp://testportal/"">Click
>> Here</a><br>")
>>
>> %>

>
>
>.
>

[scmiles]

Please look at my code, this is what I am doing already,
programatically.

>-----Original Message-----
>An FTP site?? FTP Servers don't do ASP.
>
>An FTP Server will automatically dump a user into a

folder if there is

>a folder that matches their username. Just create a

virtual folder

>that is the same folder name as the username. Then point

it to

>whatever in the file system location you want it to be.

When the user

>logs in as the particular user name it will

auotmatically dump them in

>the right folder.
>
>Example:
>
>User name: JSmith
>
>Virtual Directory: JSmith
>Virtual Directory Physical

Path: "C:\where\ever\the\files\are\"

>Virtual Directory Logical Path: [url]ftp://servername/jsmith[/url]
>
>When user connect to it as JSmith they are automatically

dumped into

>thier proper folder. It might be their "ROOT" so it may

only show up

>as "ftp://servername", but I don't remember for sure.

Just have them

>upload a file, then you go look for it and see where it

ended up.

>
>
>--
>
>Phillip Windell [CCNA, MVP, MCP]
>pwindell@wandtv.com
>WAND-TV (ABC Affiliate)
>[url]www.wandtv.com[/url]
>
>"scmiles" <scmiles@nospam-dmacc.edu> wrote in message
>news:0a9601c39283$c4ab5640$a001280a@phx.gbl...

>> I am trying to write an asp or aspx page that will

create

>> a virtual ftp directory to the users Active Directory
>> home directory. That way a user can interact

(drag/drop,

>> copy/paste) via IE with folder view for ftp sites.
>>
>> I have some code, that seems to be "flaky" it works for
>> me and some others, but not everyone. I really need to
>> get a stable version. My asp code is below. Having it
>> in ASP is fine, but it would be a bonus to have a

solid

>> ASPX (ASP.net) solution.
>>
>> There is one issue I have ran into that is pretty
>> annoying, and I am not sure if it can be fixed or not

and

>> that is the security of the virtual directory and file.
>> I would prefer that when the user is at work on the
>> network and logged in with their AD account that they
>> would not be challenged to authenticate, but I could

not

>> get the "request.ServerVariables("AUTH_PASSWORD")"

method

>> to work unless Basic Authentication is used, requiring
>> the user to login. I do not know if this can be

avoided

>> in ASP.net, but if I can use an aspx page that can get
>> the password without having to decrypt or whatever that
>> would be ideal. Anyway, here is the code I have:
>> -------------------------------------------------------

---

>> -------------------------
>> <%
>>
>> strFullUserName = request.ServerVariables("AUTH_USER")
>> strUserPass = request.ServerVariables("AUTH_PASSWORD")
>> strWebServer = request.ServerVariables("SERVER_NAME")
>> strWebServerIP = request.ServerVariables("LOCAL_ADDR")
>>
>> 'Split domain and username
>>
>> strUserDomain = strFullUserName
>> strUserDomain = Mid (strFullUserName, 1, Instr
>> (strFullUserName, "\")-1)
>> strUserDomainLength = len(strUserDomain)
>> strFullUserNameLength = Len(strFullUserName)
>> strUserName = Right (strFullUserName,
>> strFullUserNameLength - strUserDomainLength -1)
>>
>> Set objUser = GetObject("WinNT://" & strUserDomain

& "/"

>> & strUserName, user)
>> strUserHome = objUser.homeDirectory
>>
>> strVD = "ftp://" & strWebServer & "/"
>>
>>
>> On Error Resume Next
>>
>> Set IISOBJ = GetObject
>> ("IIS://Localhost/MSFTPSVC/1/Root")
>> Set NewDir = IISOBJ.Create("IIsFtpVirtualDir",
>> strUserName)
>>
>> Error.Number = 0
>>
>>
>> NewDir.Path = strUserHome
>> NewDir.AccessRead = True
>> NewDir.AccessWrite = True
>> NewDir.UNCUserName = strfullUserName
>> NewDir.UNCPassword = strUserPass
>> NewDir.SetInfo
>> Set NewDir=Nothing
>> Set IISObJ=Nothing
>> Response.Redirect( "ftp://testportal" )
>> 'response.write ("Your P Drive Was Mapped
>> Successfully!"& "<a href=""ftp://testportal/"">Click
>> Here</a><br>")
>>
>> %>

>
>
>.
>

[Aaron Bertrand - MVP]

IUSR_yourmachine is NOT in the everyone group for the domain!!!!!!!



"scmiles" <anonymous@discussions.microsoft.com> wrote in message
news:001001c393ff$cbecc060$a401280a@phx.gbl...

> For testing purposes, the Everyone group has permissions
> to the create the VD they need in the metabase.

> >-----Original Message-----
> >Connecting to LDAP, IIS, etc. is not going to work for

> authenticated users

> >that are 'peons'... they must be members of certain

> privilege groups in

> >order to create an IIS application; for example, guests

> and domain users do

> >not have this privilege.
> >
> >So, this isn't necessarily that you have flaky code, but

> that you expect any

> >user to be able to create your objects. A possible

> alternative would be to

> >store the data or set some flag in a database, and have

> a VBS script that

> >runs as you or as Administrator, wake up every minute

> and see if there is a

> >user to add; if so, create the stuff. The VBS script

> would then run as a

> >user with enough privileges to create everything you

> want to create here.

> >Of course there would sometimes be a lag of up to a

> minute, between the time

> >the user entered the data via the ASP page, and when the

> directory was

> >actually created and available for use.
> >
> >A
> >
> >
> >
> >
> >"scmiles" <scmiles@nospam-dmacc.edu> wrote in message
> >news:0a9601c39283$c4ab5640$a001280a@phx.gbl...

> >> I am trying to write an asp or aspx page that will

> create

> >> a virtual ftp directory to the users Active Directory
> >> home directory. That way a user can interact

> (drag/drop,

> >> copy/paste) via IE with folder view for ftp sites.
> >>
> >> I have some code, that seems to be "flaky" it works for
> >> me and some others, but not everyone. I really need to
> >> get a stable version. My asp code is below. Having it
> >> in ASP is fine, but it would be a bonus to have a

> solid

> >> ASPX (ASP.net) solution.
> >>
> >> There is one issue I have ran into that is pretty
> >> annoying, and I am not sure if it can be fixed or not

> and

> >> that is the security of the virtual directory and file.
> >> I would prefer that when the user is at work on the
> >> network and logged in with their AD account that they
> >> would not be challenged to authenticate, but I could

> not

> >> get the "request.ServerVariables("AUTH_PASSWORD")"

> method

> >> to work unless Basic Authentication is used, requiring
> >> the user to login. I do not know if this can be

> avoided

> >> in ASP.net, but if I can use an aspx page that can get
> >> the password without having to decrypt or whatever that
> >> would be ideal. Anyway, here is the code I have:
> >> -------------------------------------------------------

> ---

> >> -------------------------
> >> <%
> >>
> >> strFullUserName = request.ServerVariables("AUTH_USER")
> >> strUserPass = request.ServerVariables("AUTH_PASSWORD")
> >> strWebServer = request.ServerVariables("SERVER_NAME")
> >> strWebServerIP = request.ServerVariables("LOCAL_ADDR")
> >>
> >> 'Split domain and username
> >>
> >> strUserDomain = strFullUserName
> >> strUserDomain = Mid (strFullUserName, 1, Instr
> >> (strFullUserName, "\")-1)
> >> strUserDomainLength = len(strUserDomain)
> >> strFullUserNameLength = Len(strFullUserName)
> >> strUserName = Right (strFullUserName,
> >> strFullUserNameLength - strUserDomainLength -1)
> >>
> >> Set objUser = GetObject("WinNT://" & strUserDomain

> & "/"

> >> & strUserName, user)
> >> strUserHome = objUser.homeDirectory
> >>
> >> strVD = "ftp://" & strWebServer & "/"
> >>
> >>
> >> On Error Resume Next
> >>
> >> Set IISOBJ = GetObject
> >> ("IIS://Localhost/MSFTPSVC/1/Root")
> >> Set NewDir = IISOBJ.Create("IIsFtpVirtualDir",
> >> strUserName)
> >>
> >> Error.Number = 0
> >>
> >>
> >> NewDir.Path = strUserHome
> >> NewDir.AccessRead = True
> >> NewDir.AccessWrite = True
> >> NewDir.UNCUserName = strfullUserName
> >> NewDir.UNCPassword = strUserPass
> >> NewDir.SetInfo
> >> Set NewDir=Nothing
> >> Set IISObJ=Nothing
> >> Response.Redirect( "ftp://testportal" )
> >> 'response.write ("Your P Drive Was Mapped
> >> Successfully!"& "<a href=""ftp://testportal/"">Click
> >> Here</a><br>")
> >>
> >> %>

> >
> >
> >.
> >

[Ray at]

Unless "yourmachine" is a DC.

Ray at work

"Aaron Bertrand - MVP" <aaron@TRASHaspfaq.com> wrote in message
news:et4XFSAlDHA.964@TK2MSFTNGP10.phx.gbl...

> IUSR_yourmachine is NOT in the everyone group for the domain!!!!!!!

[Aaron Bertrand - MVP]

> Unless "yourmachine" is a DC.

I don't know of too many DCs that are running ASP applications. Certainly
not where I would be running it, and certainly doesn't sound like a
foolproof way of "securing" the server...

[Ray at]

I don't know of many either. It's a bad idea, imo. But, I just wanted to
throw in the exception to the rule.

Ray at work

"Aaron Bertrand - MVP" <aaron@TRASHaspfaq.com> wrote in message
news:%23hFBuYAlDHA.3256@tk2msftngp13.phx.gbl...

> > Unless "yourmachine" is a DC.

>
> I don't know of too many DCs that are running ASP applications. Certainly
> not where I would be running it, and certainly doesn't sound like a
> foolproof way of "securing" the server...
>
>

[Phillip Windell]

"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in
message news:ubiUuTAlDHA.2776@tk2msftngp13.phx.gbl...

> Unless "yourmachine" is a DC.

I think even then I don't think it is in the Everyone Group although
it would be a Domain Account. I wouldn't swear to it, but that is how
I think it is.

--

Phillip Windell [CCNA, MVP, MCP]
[email]pwindell@wandtv.com[/email]
WAND-TV (ABC Affiliate)
[url]www.wandtv.com[/url]

[Ray at]

I just looked at the iusr domain account that exists in my domain. (I HAVE
NOTHING TO DO WITH THE FACT THAT IIS IS INSTALLED ON OUR DCS!)

ifmember /verbose /list OUR_DOMAIN_NAME\iusr_OUR_DC_NAME
User is a member of group OUR_DOMAIN_NAME\Domain Admins. <--- NICE!!
User is a member of group \Everyone.
User is a member of group BUILTIN\Administrators.
User is a member of group BUILTIN\Users.

--SOME OTHERS

So, it is part of everyone. And thanks to this post, I now see that some
brilliant coworker put this user in domain admins... I'll have to find out
what's up with that. Thanks!

Ray at work



"Phillip Windell" <pwindell{at}wandtv*d0t*com> wrote in message
news:%231IQnBBlDHA.2200@TK2MSFTNGP12.phx.gbl...

> "Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in
> message news:ubiUuTAlDHA.2776@tk2msftngp13.phx.gbl...

> > Unless "yourmachine" is a DC.

>
> I think even then I don't think it is in the Everyone Group although
> it would be a Domain Account. I wouldn't swear to it, but that is how
> I think it is.
>
> --
>
> Phillip Windell [CCNA, MVP, MCP]
> [email]pwindell@wandtv.com[/email]
> WAND-TV (ABC Affiliate)
> [url]www.wandtv.com[/url]
>
>

[Ray at]

I apologize. This is wrong. This is my group listing. Oops. But, here is
the correct response. The user IS a member of everyone.


showgrps /a OUR_DOMAIN_NAME\iusr_OUR_DC_NAME

User: [OUR_DOMAIN_NAME\iusr_OUR_DC_NAME], is a member of:

\Everyone




Ray at work



"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in message
news:uWJUENBlDHA.976@tk2msftngp13.phx.gbl...

> I just looked at the iusr domain account that exists in my domain. (I

HAVE

> NOTHING TO DO WITH THE FACT THAT IIS IS INSTALLED ON OUR DCS!)
>
> ifmember /verbose /list OUR_DOMAIN_NAME\iusr_OUR_DC_NAME
> User is a member of group OUR_DOMAIN_NAME\Domain Admins. <--- NICE!!
> User is a member of group \Everyone.
> User is a member of group BUILTIN\Administrators.
> User is a member of group BUILTIN\Users.
>
> --SOME OTHERS
>
> So, it is part of everyone. And thanks to this post, I now see that some
> brilliant coworker put this user in domain admins... I'll have to find

out

> what's up with that. Thanks!
>
> Ray at work
>
>
>
> "Phillip Windell" <pwindell{at}wandtv*d0t*com> wrote in message
> news:%231IQnBBlDHA.2200@TK2MSFTNGP12.phx.gbl...

> > "Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in
> > message news:ubiUuTAlDHA.2776@tk2msftngp13.phx.gbl...

> > > Unless "yourmachine" is a DC.

> >
> > I think even then I don't think it is in the Everyone Group although
> > it would be a Domain Account. I wouldn't swear to it, but that is how
> > I think it is.
> >
> > --
> >
> > Phillip Windell [CCNA, MVP, MCP]
> > [email]pwindell@wandtv.com[/email]
> > WAND-TV (ABC Affiliate)
> > [url]www.wandtv.com[/url]
> >
> >

>
>

[Phillip Windell]

OK..


"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in
message news:ua5YkPBlDHA.1740@TK2MSFTNGP12.phx.gbl...

> I apologize. This is wrong. This is my group listing. Oops. But,

here is

> the correct response. The user IS a member of everyone.
>
>
> showgrps /a OUR_DOMAIN_NAME\iusr_OUR_DC_NAME
>
> User: [OUR_DOMAIN_NAME\iusr_OUR_DC_NAME], is a member of:
>
> \Everyone
>
>
>
>
> Ray at work
>
>
>
> "Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in

message

> news:uWJUENBlDHA.976@tk2msftngp13.phx.gbl...

> > I just looked at the iusr domain account that exists in my domain.

(I

> HAVE

> > NOTHING TO DO WITH THE FACT THAT IIS IS INSTALLED ON OUR DCS!)
> >
> > ifmember /verbose /list OUR_DOMAIN_NAME\iusr_OUR_DC_NAME
> > User is a member of group OUR_DOMAIN_NAME\Domain Admins. <---

NICE!!

> > User is a member of group \Everyone.
> > User is a member of group BUILTIN\Administrators.
> > User is a member of group BUILTIN\Users.
> >
> > --SOME OTHERS
> >
> > So, it is part of everyone. And thanks to this post, I now see

that some

> > brilliant coworker put this user in domain admins... I'll have

to find

> out

> > what's up with that. Thanks!
> >
> > Ray at work
> >
> >
> >
> > "Phillip Windell" <pwindell{at}wandtv*d0t*com> wrote in message
> > news:%231IQnBBlDHA.2200@TK2MSFTNGP12.phx.gbl...

> > > "Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in
> > > message news:ubiUuTAlDHA.2776@tk2msftngp13.phx.gbl...
> > > > Unless "yourmachine" is a DC.
> > >
> > > I think even then I don't think it is in the Everyone Group

although

> > > it would be a Domain Account. I wouldn't swear to it, but that

is how

> > > I think it is.
> > >
> > > --
> > >
> > > Phillip Windell [CCNA, MVP, MCP]
> > > [email]pwindell@wandtv.com[/email]
> > > WAND-TV (ABC Affiliate)
> > > [url]www.wandtv.com[/url]
> > >
> > >

> >
> >

>
>

[Aaron Bertrand - MVP]

> I apologize. This is wrong.

I was going to say, if he were a member of domain admins, then the whole
setup is sketchy, because someone must have purposely done that.

[Ray at]

It would not surprise me where I work. I see random users in the domain
admins group all the time. "Oh, so and so needed permissions to install a
program, so I put him in the domain admins group so he'd have admin rights
on the local workstation." "Why didn't you at least just add him only to
the local admin group on his machine." "How do I do that?" Nice.

Ray at work

"Aaron Bertrand - MVP" <aaron@TRASHaspfaq.com> wrote in message
news:epsiWbBlDHA.372@TK2MSFTNGP11.phx.gbl...

> > I apologize. This is wrong.

>
> I was going to say, if he were a member of domain admins, then the whole
> setup is sketchy, because someone must have purposely done that.
>
>

[Aaron Bertrand [MVP]]

> on the local workstation." "Why didn't you at least just add him only to

> the local admin group on his machine." "How do I do that?" Nice.

And we wonder why half of the jobs in the IT industry are being outsourced
to India.