|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Problem with securing of Windows 2000 SP4 IIS with AD Windows 2003I have a question regarding the securing of Windows 2000 SP4 IIS with AD
Windows 2003. The symptoms are that the security prompts users to log in on opening an intranet page. I reset the security setting on the folder and the prompting stops. However, after a reboot of the server or restart of the services the prompting begins again for some (not all) groups added to the setup. The setup includes Windows 2000 server IIS running on a Windows 2003 Active Directory network. Groups from multiple OU are added to the security of the folder containing the intranet pages. IIS authentication is set to anonymous. Upon a reset of permissions the permissions function OK, but after reboot or restart of IIS services the intranet page prompts for some users to log in. By changing all security settings to everyone or authorised user the page accessible, but that is not an option as it gives to much access. How can I resolve this and still keep security? Hi,
If allowed access includes "Allow Anonymous Authentication", then which users/groups you add to the NTFS folder permissions is irrelevant. The accounts you need to add are either IUSR_machinename (for HTML, ASP pages), IWAM_machinename (for global.asa etc) and Machine\ASPNET (for ASP.NET pages) Cheers Ken Show quoteHide quote "Guardian-M2005" <Guardian-M2***@discussions.microsoft.com> wrote in message news:77CBD13D-E0EA-4F83-B97D-972797A66278@microsoft.com... :I have a question regarding the securing of Windows 2000 SP4 IIS with AD : Windows 2003. The symptoms are that the security prompts users to log in on : opening an intranet page. I reset the security setting on the folder and the : prompting stops. However, after a reboot of the server or restart of the : services the prompting begins again for some (not all) groups added to the : setup. : : The setup includes Windows 2000 server IIS running on a Windows 2003 Active : Directory network. Groups from multiple OU are added to the security of the : folder containing the intranet pages. IIS authentication is set to anonymous. : : Upon a reset of permissions the permissions function OK, but after reboot or : restart of IIS services the intranet page prompts for some users to log in. : : By changing all security settings to everyone or authorised user the page : accessible, but that is not an option as it gives to much access. : : How can I resolve this and still keep security? : Hi
I'm sorry - tried that. This does not help as all that adding these users is give unrestricted access to everyone to the pages. I need to have the site to be accessible only to select groups. Is there any way to do this without the user being prompted to login? Show quoteHide quote "Ken Schaefer" wrote: > Hi, > > If allowed access includes "Allow Anonymous Authentication", then which > users/groups you add to the NTFS folder permissions is irrelevant. The > accounts you need to add are either IUSR_machinename (for HTML, ASP pages), > IWAM_machinename (for global.asa etc) and Machine\ASPNET (for ASP.NET pages) > > Cheers > Ken > > "Guardian-M2005" <Guardian-M2***@discussions.microsoft.com> wrote in message > news:77CBD13D-E0EA-4F83-B97D-972797A66278@microsoft.com... > :I have a question regarding the securing of Windows 2000 SP4 IIS with AD > : Windows 2003. The symptoms are that the security prompts users to log in > on > : opening an intranet page. I reset the security setting on the folder and > the > : prompting stops. However, after a reboot of the server or restart of the > : services the prompting begins again for some (not all) groups added to the > : setup. > : > : The setup includes Windows 2000 server IIS running on a Windows 2003 > Active > : Directory network. Groups from multiple OU are added to the security of > the > : folder containing the intranet pages. IIS authentication is set to > anonymous. > : > : Upon a reset of permissions the permissions function OK, but after reboot > or > : restart of IIS services the intranet page prompts for some users to log > in. > : > : By changing all security settings to everyone or authorised user the page > : accessible, but that is not an option as it gives to much access. > : > : How can I resolve this and still keep security? > : > > > If you enable authentication (like Integrated) and disable anonymous, then
things should automatically work. The only time you'll get the login dialog is if the NTFS ACL on the resource actually denies access to the remote user -- meaning it is your response to ensure that those permissions are set up correctly on the file. -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Guardian-M2005" <GuardianM2***@discussions.microsoft.com> wrote in message I'm sorry - tried that. This does not help as all that adding these users isnews:E2805ECA-BC9C-49B4-A8D1-DE136BDD1A12@microsoft.com... Hi give unrestricted access to everyone to the pages. I need to have the site to be accessible only to select groups. Is there any way to do this without the user being prompted to login? Show quoteHide quote "Ken Schaefer" wrote: > Hi, > > If allowed access includes "Allow Anonymous Authentication", then which > users/groups you add to the NTFS folder permissions is irrelevant. The > accounts you need to add are either IUSR_machinename (for HTML, ASP pages), > IWAM_machinename (for global.asa etc) and Machine\ASPNET (for ASP.NET pages) > > Cheers > Ken > > "Guardian-M2005" <Guardian-M2***@discussions.microsoft.com> wrote in message > news:77CBD13D-E0EA-4F83-B97D-972797A66278@microsoft.com... > :I have a question regarding the securing of Windows 2000 SP4 IIS with AD > : Windows 2003. The symptoms are that the security prompts users to log in > on > : opening an intranet page. I reset the security setting on the folder and > the > : prompting stops. However, after a reboot of the server or restart of the > : services the prompting begins again for some (not all) groups added to the > : setup. > : > : The setup includes Windows 2000 server IIS running on a Windows 2003 > Active > : Directory network. Groups from multiple OU are added to the security of > the > : folder containing the intranet pages. IIS authentication is set to > anonymous. > : > : Upon a reset of permissions the permissions function OK, but after reboot > or > : restart of IIS services the intranet page prompts for some users to log > in. > : > : By changing all security settings to everyone or authorised user the page > : accessible, but that is not an option as it gives to much access. > : > : How can I resolve this and still keep security? > : > > > If you only want to give selected users access then:
a) disable "allow anonymous authentication" b) enable "Integrated Windows Authentication" c) ensure that your website meets all the guidelines here: http://support.microsoft.com/?id=258063 (for example, add the site to the local Intranet security zone etc) Cheers Ken Show quoteHide quote "Guardian-M2005" <GuardianM2***@discussions.microsoft.com> wrote in message news:E2805ECA-BC9C-49B4-A8D1-DE136BDD1A12@microsoft.com... : Hi : : I'm sorry - tried that. This does not help as all that adding these users is : give unrestricted access to everyone to the pages. I need to have the site : to be accessible only to select groups. : : Is there any way to do this without the user being prompted to login? : : "Ken Schaefer" wrote: : : > Hi, : > : > If allowed access includes "Allow Anonymous Authentication", then which : > users/groups you add to the NTFS folder permissions is irrelevant. The : > accounts you need to add are either IUSR_machinename (for HTML, ASP pages), : > IWAM_machinename (for global.asa etc) and Machine\ASPNET (for ASP.NET pages) : > : > Cheers : > Ken : > : > "Guardian-M2005" <Guardian-M2***@discussions.microsoft.com> wrote in message : > news:77CBD13D-E0EA-4F83-B97D-972797A66278@microsoft.com... : > :I have a question regarding the securing of Windows 2000 SP4 IIS with AD : > : Windows 2003. The symptoms are that the security prompts users to log in : > on : > : opening an intranet page. I reset the security setting on the folder and : > the : > : prompting stops. However, after a reboot of the server or restart of the : > : services the prompting begins again for some (not all) groups added to the : > : setup. : > : : > : The setup includes Windows 2000 server IIS running on a Windows 2003 : > Active : > : Directory network. Groups from multiple OU are added to the security of : > the : > : folder containing the intranet pages. IIS authentication is set to : > anonymous. : > : : > : Upon a reset of permissions the permissions function OK, but after reboot : > or : > : restart of IIS services the intranet page prompts for some users to log : > in. : > : : > : By changing all security settings to everyone or authorised user the page : > : accessible, but that is not an option as it gives to much access. : > : : > : How can I resolve this and still keep security? : > : : > : > : > 
Other interesting topics
How to create a client side certificate on a Windows 2000 Server
localhost vs IP address in IE Web Application cannot create folder in wwwroot\ SSL setup problem on IIS 5 Requisites for a very unsafe IIS5! IIS 401 Error Using Virtual Directory to remote folder IServerXMLHTTPRequest authentication problem System.UnauthorizedAccessException //got stuck Check User's Permissions on a file/folder in IIS 6.0 by ASP or ASP |
|||||||||||||||||||||||
