I am working on an intranet site for our company that will display the folder & file listing for a network drive.
I want only a select few people to be able to edit the files in the directory, and this can be done easily through explorer. However, for the intranet users I want them to be able to open the files, but not be able to write back to the directory my page is reading from. (read only)
I am using PHP to map a network drive using a com object
/* Map the drive */
$WshNetwork->MapNetworkDrive( "$letter:" , '\\\server\\file' , FALSE, 'domain\\user' , 'password' ) or die( 'Unable to map drive');
As you can see I am specifying the user when doing this. The user specified here has read only permissions to the directory I am mapping.
However, I could not get this command to work as is. Instead I had to see what user was logged into our web server (admin) and add them to the directory as well. Unfortunately (obviously) admin has full access to everything.
As mentioned, the IUSR I am specifying when mapping only has read permissions to the directory, but when doing testing I am finding that I am still able to open, edit & save the files back to the dir via the intranet. This leads me to believe I am accessing my mapped drive as Admin instead. I would have thought specifying the user when mapping would changed this.
Other info that might be handy is looking at the services, IIS is running as who ever is logged in to the server (admin). I have not forced it to run as someone else as I am not sure of any negative effects this may have on other sections of our intranet.
I am no networking guru (or php guru for that matter), so please help shed light on what I am doing wrong here.
Thank you
