|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Authentication is not wanted.I have a web server (2003) IIS6
Whenever a different computer connects to the web site, they get a username and password request, but "Enable anonymous access" is on for the web site. If I remove the option "Integrated Windows authentication" then the page immediately fails to load with "You are not authorized to view this page". I have come to the conclusion that there are "NTFS access control lists" that are affecting the logon. That could be because this server was originally configured as a domain controller with Active Directory. I have since demoted the machine. When I go through the "Active Directory Users and Computers" it is empty. Everything else is working fine I just need anonymous access for remote users. Can anyone help? So it's a member server now ? if you go to computer management do you see
local users ? if yes, in the NTFS config screen, just grant permissions to the iusr_computername account. -- Show quoteHide quoteRegards, Bernard Cheah http://www.microsoft.com/iis/ http://www.iiswebcastseries.com/ http://www.msmvps.com/bernard/ "Paul" <pauln.o.s.p.***@laberg.com.au> wrote in message news:%23rUXQcMjFHA.3448@TK2MSFTNGP10.phx.gbl... >I have a web server (2003) IIS6 > Whenever a different computer connects to the web site, they get a > username and password request, but "Enable anonymous access" is on for the > web site. > If I remove the option "Integrated Windows authentication" then the page > immediately fails to load with "You are not authorized to view this page". > I have come to the conclusion that there are "NTFS access control lists" > that are affecting the logon. That could be because this server was > originally configured as a domain controller with Active Directory. I have > since demoted the machine. When I go through the "Active Directory Users > and Computers" it is empty. > Everything else is working fine I just need anonymous access for remote > users. > > Can anyone help? > Yes it is a member server now and I see local users through the computer
management interface. This is going to sound like a really dumb question but here it goes... Where do I find the NTFS config screen you mentioned? If I search in the help that was loaded onto the server I get 0 responses for "NTFS configuration". Under the local user I can't see a way to grant IUSR_ access. Is it under Local Security settings? Thanks for the help. Show quoteHide quote "Bernard Cheah [MVP]" <qbern***@hotmail.com.discuss> wrote in message news:%23b8oejQjFHA.3784@tk2msftngp13.phx.gbl... > So it's a member server now ? if you go to computer management do you see > local users ? > if yes, in the NTFS config screen, just grant permissions to the > iusr_computername account. > > -- > Regards, > Bernard Cheah > http://www.microsoft.com/iis/ > http://www.iiswebcastseries.com/ > http://www.msmvps.com/bernard/ > > > "Paul" <pauln.o.s.p.***@laberg.com.au> wrote in message > news:%23rUXQcMjFHA.3448@TK2MSFTNGP10.phx.gbl... >>I have a web server (2003) IIS6 >> Whenever a different computer connects to the web site, they get a >> username and password request, but "Enable anonymous access" is on for >> the web site. >> If I remove the option "Integrated Windows authentication" then the page >> immediately fails to load with "You are not authorized to view this >> page". >> I have come to the conclusion that there are "NTFS access control lists" >> that are affecting the logon. That could be because this server was >> originally configured as a domain controller with Active Directory. I >> have since demoted the machine. When I go through the "Active Directory >> Users and Computers" it is empty. >> Everything else is working fine I just need anonymous access for remote >> users. >> >> Can anyone help? >> > > This explains why you can get "access denied" when anonymous access is
enabled: http://blogs.msdn.com/david.wang/archive/2005/05/27/Access_Denied_to_Administrators_or_Anonymous_User.aspx This explains some reasons why anonymous access is not working: http://blogs.msdn.com/david.wang/archive/2005/07/14/HOWTO_Diagnose_IIS_401_Access_Denied.aspx Right now, it sounds like you have somehow configured the IIS anonymous user account to be an invalid username/password, so IIS fails to logon using that identity and anonymous authentication fails with access denied. The solution is to sync up that anonymous user credential in IIS with reality. How you do this is completely up to you -- you choose the anonymous user credential and then make sure it has file system ACL for access -- reasoning is all described by the above blog entries From explorer, you can select and right click Properties on the selected files/folders to view/edit/change its NTFS ACLs. -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Paul" <pauln.o.s.p.***@laberg.com.au> wrote in message Yes it is a member server now and I see local users through the computernews:en$OlmRjFHA.3300@TK2MSFTNGP15.phx.gbl... management interface. This is going to sound like a really dumb question but here it goes... Where do I find the NTFS config screen you mentioned? If I search in the help that was loaded onto the server I get 0 responses for "NTFS configuration". Under the local user I can't see a way to grant IUSR_ access. Is it under Local Security settings? Thanks for the help. Show quoteHide quote "Bernard Cheah [MVP]" <qbern***@hotmail.com.discuss> wrote in message news:%23b8oejQjFHA.3784@tk2msftngp13.phx.gbl... > So it's a member server now ? if you go to computer management do you see > local users ? > if yes, in the NTFS config screen, just grant permissions to the > iusr_computername account. > > -- > Regards, > Bernard Cheah > http://www.microsoft.com/iis/ > http://www.iiswebcastseries.com/ > http://www.msmvps.com/bernard/ > > > "Paul" <pauln.o.s.p.***@laberg.com.au> wrote in message > news:%23rUXQcMjFHA.3448@TK2MSFTNGP10.phx.gbl... >>I have a web server (2003) IIS6 >> Whenever a different computer connects to the web site, they get a >> username and password request, but "Enable anonymous access" is on for >> the web site. >> If I remove the option "Integrated Windows authentication" then the page >> immediately fails to load with "You are not authorized to view this >> page". >> I have come to the conclusion that there are "NTFS access control lists" >> that are affecting the logon. That could be because this server was >> originally configured as a domain controller with Active Directory. I >> have since demoted the machine. When I go through the "Active Directory >> Users and Computers" it is empty. >> Everything else is working fine I just need anonymous access for remote >> users. >> >> Can anyone help? >> > > Yes, as David pointed out, you grant the NTFS permission via windows
explorer, here's the similar steps in IIS5. How To Use NTFS Security to Protect a Web Page Running on IIS 4.0 or 5.0 http://support.microsoft.com/?id=299970 -- Show quoteHide quoteRegards, Bernard Cheah http://www.microsoft.com/iis/ http://www.iiswebcastseries.com/ http://www.msmvps.com/bernard/ "Paul" <pauln.o.s.p.***@laberg.com.au> wrote in message news:en$OlmRjFHA.3300@TK2MSFTNGP15.phx.gbl... > Yes it is a member server now and I see local users through the computer > management interface. > This is going to sound like a really dumb question but here it goes... > Where do I find the NTFS config screen you mentioned? If I search in the > help that was loaded onto the server I get 0 responses for "NTFS > configuration". Under the local user I can't see a way to grant IUSR_ > access. Is it under Local Security settings? > > Thanks for the help. > > "Bernard Cheah [MVP]" <qbern***@hotmail.com.discuss> wrote in message > news:%23b8oejQjFHA.3784@tk2msftngp13.phx.gbl... >> So it's a member server now ? if you go to computer management do you >> see local users ? >> if yes, in the NTFS config screen, just grant permissions to the >> iusr_computername account. >> >> -- >> Regards, >> Bernard Cheah >> http://www.microsoft.com/iis/ >> http://www.iiswebcastseries.com/ >> http://www.msmvps.com/bernard/ >> >> >> "Paul" <pauln.o.s.p.***@laberg.com.au> wrote in message >> news:%23rUXQcMjFHA.3448@TK2MSFTNGP10.phx.gbl... >>>I have a web server (2003) IIS6 >>> Whenever a different computer connects to the web site, they get a >>> username and password request, but "Enable anonymous access" is on for >>> the web site. >>> If I remove the option "Integrated Windows authentication" then the page >>> immediately fails to load with "You are not authorized to view this >>> page". >>> I have come to the conclusion that there are "NTFS access control lists" >>> that are affecting the logon. That could be because this server was >>> originally configured as a domain controller with Active Directory. I >>> have since demoted the machine. When I go through the "Active Directory >>> Users and Computers" it is empty. >>> Everything else is working fine I just need anonymous access for remote >>> users. >>> >>> Can anyone help? >>> >> >> > >  
Other interesting topics
Integrated Authenticatoin - Default to the main domain
IIS authentification with a ASP Application on a SAMBA host IIS6 NT Authentication fails http to https redirect problem secure ftp Basic auth without dialog - no database Why is login requesting domain for some users? firewall suggestions? Not authorized to view page IIS5 Running IIS MMC from workstation |
|||||||||||||||||||||||
