In an Intranet environment, I have an FTP server set up for publishing files to websites. A user connected to the production FTP server (allowed) to publish files (allowed) then navigated to a folder that was not hers (allowed) then wrote files there (allowed by FTP, but not by NTFS.)
Only Administrators and System have rights to Write to that folder, and she's not an adminstrator through any group.
Does FTP ignore NTFS securities? How did she write to a site to which she only has read access?
Thanks.
IIS should honor NTFS permissions. Without being able to look at your ACLs it is very tempting to suspect that you have your permissions setup wrong. It might be useful if you ran cacls on the directory and posted the results.