I have a ASP file on my webserver that is locked down with Windows NTFS File security, which does not include the IUsr_Servername account. A User that should not have access to this page is still getting there. The ASP is being executed with the IUsr account....somehow.... though if I log onto the server with the IUsr account I get access denied when trying to access that same ASP file. So my question is how does the IUsr account execute the ASP file if it does not have NTFS permissions to that file? If I go into IIS and turn off Anonymous access for that file...the user in question cannot get it. But I shouldn't have to do that right? When the IIS server loads the page as the Anonymous access account it still has to follow Windows file permissions doesn't it?
Thanks
JR
Thanks
JR