FP2000: Everyone Has Full Administrator Privileges to FrontPage Web

In Microsoft FrontPage, when you open a Web that resides on a Microsoft Internet Information Services (IIS) computer, you may not be prompted to enter your user name and password as expected. Instead, you have full administrator privileges to the Web, even though your user account specifies otherwise.

This behavior can occur if any of the following conditions are true about the default anonymous user account, IUSR_computer name, which is created by IIS:

�	The account is a member of the Microsoft Windows NT or Microsoft Windows 2000 Administrators group. -or-
�	The account is replaced by the Administrator account or a member of the Administrators group as the anonymous user account in IIS. -or-
�	The account is granted Administer permissions to the Web in FrontPage.

If the IUSR_computer name account has Administer permissions, users who access the Web do not receive a user name and password message. As a result, they can browse, modify the contents of the files, and fully administer the Web in FrontPage. FrontPage grants administrator access by default to all members of the Administrators group and the System account.

In Windows NT or Windows 2000, remove (if present) the Everyone group and the IUSR_computer name user account from the Administrators group.

To do this, follow these steps:

1.	If you are running Windows 2000, click Start, point to Programs, point to Administrative Tools, and then click Computer Management. Double-click Local Users and Groups, click Groups, and then double-click Administrators. If you are running Windows NT, click Start, point to Programs, point to Administrative Tools, and then click User Manager. Under Groups, double-click Administrators.
2.	Under Members, click Everyone, and then click Remove. Repeat this step to remove the IUSR_computer name user account from the Administrators group.

In IIS, verify that IUSR_computer name is set as the account used for anonymous access to the Web site.

To do this, follow these steps:

1.	On the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager or open the custom Microsoft Management Console (MMC) that contains the IIS snap-in.
2.	Right-click the appropriate Web site, click Properties, and then click the Directory Security tab.
3.	Under Anonymous access and authentication control, click Edit, and then click Edit under Anonymous access.
4.	In the Username box, remove (if present) the Administrator or any user that is a member of the Administrators group, click Browse to select IUSR_computer name, and then click OK.

In FrontPage, check the permissions that the IUSR_computer name account and the Everyone group have for access to the Web. If you want users to have "read" access to the Web, configure the IUSR_computer name user account and the Everyone group with Browse permissions.

To do this, follow these steps:

1.	Start FrontPage, and then open the Web.
2.	On the Tools menu, point to Security, and then click Permissions.
3.	Click the Users tab, select IUSR_computer name, and then click Edit. Under User can, click Browse.
4.	Click Apply, and then click OK.
5.	Click the Groups tab, select the Everyone group, and then click Edit. Under User can, select Browse.
6.	Click Apply, and then click OK.

If you want to have tighter security and do not want users to gain access to the Web in FrontPage, remove the IUSR_computer name account and the Everyone group from the Web.

To do this, follow these steps:

1.	Start FrontPage, and then open the Web.
2.	On the Tools menu, point to Security, and then click Permissions.
3.	Click the Users tab, select IUSR_computer name, and then click Remove.
4.	Click the Groups tab, select the Everyone group, and then click Remove.
5.	Click Apply, and then click OK.

For more information about FrontPage security, click Microsoft FrontPage Help on the Help menu, type permissions in the Office Assistant or the Answer Wizard, and then click Search to view the topics returned.

For additional information about setting permissions in FrontPage, click the article number below to view the article in the Microsoft Knowledge Base: