Taking user out of MACHINENAME\Users group does not disallow them from authenticating with IIS site

Posted by jayrdub on Server Fault See other posts from Server Fault or by jayrdub
Published on 2009-09-16T18:35:31Z Indexed on 2010/04/11 5:03 UTC
Read the original article Hit count: 231

Filed under:
|

I have a site that has anonymous access disabled and uses only IIS basic authentication. The site's home directory only has the MACHINENAME\Users group with permissions. I have one user that I don't want to be able to log-in to this site, so I thought all I would need to do is take that user out of the Users group, but doing so still allows him to authenticate. I know it is the Users group that is allowing authentication because if I remove that group's permissions on the directory, he is not allowed to log in.

Is there something special about the Users group that makes it so you are actually always a part of it?

Is the only solution to revoke the Users group's permissions on the site's home directory and grant a new group access that contains only the allowed users?

© Server Fault or respective owner

Related posts about iis6

Related posts about security