locked
SharePoint Permission is acting weird RRS feed

  • Question

  • We have this site that was migrated from wss to MOSS. The site used to be its own farm, but got migrated to our enterprise environment. For some reasons, though we set up the security to not allow certain people access to the site, we came across recently an incident that shows that the security set up is messed up. People were having access to the site and documents.

    Can someone please help me get to the bottom of this, as to why it's allowing the general public to have access to a site with restricted permission?

     

    Thank you,


    Stech
    Wednesday, February 16, 2011 12:28 PM

Answers

  • Hi Stanley Nazaire,

     

    From your post, you want to know whether it is possible that a WSS 3.0 farm which allows anonymous access before migration, but after migration the anonymous is set to false even the farm allow anonymous access.

     

    You can turn off anonymous user access in IIS in the new farm, then perform the migration. Turn on anonymous user access in IIS (optional — use this setting only if you want to migrate anonymous access settings).

     

    If you have any questions, please don’t hesitate to let me know.

     

    Thanks,

    Rock Wang

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com


    Regards, Rock Wang Microsoft Online Community Support
    • Marked as answer by Seven M Friday, February 25, 2011 7:12 AM
    Friday, February 18, 2011 2:39 AM

All replies

  • Was this site migrated from an earlier version of WSS/SharePoint 2003?  Typically when these sites are migrated, you'll see permissions are granted to individuals that may have previously been permissioned within a user group.  In SharePoint 2007, permission groups are different from user groups, so I'd suggest that you check both.

    Site Actions --> Site Settings takes you to the administrations screen.  Under the Users & Permissions screen on the left, click on the Advanced Permissions.  This will take you through to who has what permission.  If you see a load of entries here that conflict with the groups (if the groups have successfully migrated over), I'd suggest deleting all of these, barring the administrators, creating the basic groups and populating these accordingly.

     


    http://www.final-exodus.net
    Wednesday, February 16, 2011 1:01 PM
    Answerer
  • The Farm actually came from a WSS 3.0 version. If the permission were set up in the the WSS3.0 farm would it get overwritten once it gets migrated. Do you mind elaborating for me please on the ramification to security when a site is migrated over from WSS 3.0 to MOSS 2007. Thank You
    Stech
    Wednesday, February 16, 2011 1:33 PM
  • Hi Stanley,

    Unless you used the -includeusersecurity flag when exporting/importing, you'll move the users, but not the current security model, meaning you'll have to reconfigure them all.  You might find this useful.

    http://blogs.microsoft.co.il/blogs/joe/archive/2008/11/22/transferring-a-site-from-wss-3-to-moss-2007-part-1.aspx


    http://www.final-exodus.net
    Wednesday, February 16, 2011 2:31 PM
    Answerer
  • Is it possible that if a WSS 3.0 farm that has Allow Anonymous User Access set to true at the Authentication Provider settings that if that farm gets migrated over to a different MOSS farm with Allow Anonymous set to false that even after the migration the WSS 3.0 FARM maintains the allow anonymous access?
    Stech
    Wednesday, February 16, 2011 7:08 PM
  • You can check if Anonymous access is turned on in your web app. It is not difficult to turn it off, just disable that option. Technet article on anonymous access: http://technet.microsoft.com/en-us/library/cc263363(office.12).aspx

    Security inheritance can be broken too, so may be there are certain sections where all the authenticated users have been given permission. 


    Regards, Mahesh
    Wednesday, February 16, 2011 8:19 PM
  • Hi Stanley Nazaire,

     

    From your post, you want to know whether it is possible that a WSS 3.0 farm which allows anonymous access before migration, but after migration the anonymous is set to false even the farm allow anonymous access.

     

    You can turn off anonymous user access in IIS in the new farm, then perform the migration. Turn on anonymous user access in IIS (optional — use this setting only if you want to migrate anonymous access settings).

     

    If you have any questions, please don’t hesitate to let me know.

     

    Thanks,

    Rock Wang

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com


    Regards, Rock Wang Microsoft Online Community Support
    • Marked as answer by Seven M Friday, February 25, 2011 7:12 AM
    Friday, February 18, 2011 2:39 AM
  • Hi Stanley Nazaire,

     

    I just wanted to say hi, and to see how things are going. I haven't heard back from you yet and I was wondering if there are any updates on the case.

     

    Thanks,

    Rock Wang

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com


    Regards, Rock Wang Microsoft Online Community Support
    Wednesday, February 23, 2011 5:49 AM