Permissions on another server

1. On an Intranet app which tracks tickets for the Tech Support
department, I have the word "Files" hyperlinked like this:
<a href=\\servername\files\ target="_blank">
and it points to a server on the network where files relating to
tickets are located.
First problem - getting ASP and, more importantly, the FSO to
be able to see anything /not/ stored on the same piece of tin.
Sadly, I've never had the need to do this - hopefully someone
else can fill this bit in.
I'd like to be able to point that link directly to the folder, which has
the same number as that ticket. For example, if you're clicking the
link from the page for ticket 1000, your link would be to
\\servername\files\1000.
Bad Idea. Once you put a link like that out in the open, it's /murder/
to try and secure it again. Have your ASP code produce a link to
[A.N.Other] ASP, passing the ticket number as a QueryString
parameter.
The problem with working with the above is that in some cases, the
folder doesn't exist, and when you click it, it really hoses your
browser.
There is an equivalent FolderExists() method but, again, I'm, not
sure you'll be able to use it "off" the box.
Also, is this a potential security problem?
Yes.
2. Now this one is more complex. I want to make it where only
people who are in the Tech Support Dept have permissions to even
get into the "files" directory described above.
This is where the A.N.Other ASP comes into its own.
It is given the ticket number and can, presumably, work out just
/who/ is trying to access it. The combination of these two determines
the output generated (i.e. a file listing or a [polite] "go away" message).
if I have named a particular person in another department to help
me on a ticket, I'd like to automatically give him permissions to get
to that directory.
Now that's a different challenge. How are you linking the two
(person and ticket) together?
if I am getting John the DBA's help for Ticket 1000, and I have
marked him as helping me in my SQL Server database,
Oops - missed that bit.
then he'd have access to the folder called 1000 inside the Files
directory.

So you have a database table somewhere that links people to
tickets. Your ASP would have to interrogate this, using the given
ticket number and current UserId (however you get hold of it).
If there's a "match", you can generate the file listing of that ticket's
directory. If not, out goes the [polite] "go away" message.

This is where the A.N.Other ASP comes into its own.
Do you just mean another, separate ASP file to do the processing?

Yes; just a regular ASP, written to deal with this particular job.
No components required.
the boss is asking me
Oh dear ...
to use ASP code to allow permissions on the directory, when
it otherwise would not allow them.

damage if your site were to be hacked...

consider the potential for damage if your site were to be hacked...

Well, this is Intranet.