NT Users and NT Groups
Users and groups
When installing a site on your server, usually multiple NT users are used by your site:
- Identity of the IIS Application Pool of the Cms server
- Identity of the IIS Application Pool of the Pub server
- Windows users defined in the Smartsite.Security.config file.
- Your NT account when using the TestSuite.
Because all these users need access to folders on disk, registry keys and Http Namespaces, SetSiteSecurity sets Acl's (Access Control Lists) on your system for you and validates for users involved that they have sufficient access to all the required resources. To avoid settings the Acl's for each user, SetSiteSecurity creates 3 NT groups on your system and adds the involved users of your site to each of these groups. The Acl's are then applied to the NT groups. This helps you manage security settings on your system. The following groups are created:
- Smartsite All Users (used for all sites on your server)
- Smartsite <sitename> Publication server (site specific group)
- Smartsite <sitename> Cms server (site specific group)
The first group is shared by all Smartsite sites on your server. All users used by the Cms and Pub server are added to this group. Access to several global folders (e.g. the Temporary Asp.Net files folders) is managed by this group.
The second group contains all users that are used by the Pub server. Access to site specific folders, registry keys and Http Namespaces used by the Publication server are managed by this group.
The third group contain the user used by the Cms server. Access to site specific folder and registry keys used by the Cms server are managed by this group.
Selecting groups
The dialog below shows you which NT groups are used for the logical user groups. The users in each logical group will be added to the NT group if they are not yet a member of that group. SetSiteSecurity will automatically suggest a group name for you. If that group does not exist, it will be created. You can use the dropdown to select an existing group or to specify a different name but it is recommended that you use the suggested name.