| Title: | Windows NT |
| Notice: | See note 15.0 for HCL location |
| Moderator: | TARKIN::LIN�.com::FOLEY |
| Created: | Thu Oct 31 1991 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 6086 |
| Total number of notes: | 31449 |
Hi pros,
I had a question on setting up the IIS Security feature. Can someone
give me a direction?
What I had done is:
1. Install the IIS Server version 1.0c, this is the latest IIS version
which can run under NT 3.51.
2. Because I would like limit some pages for specific person, I set the
permission under security menu in File manager. For me, I had setup
some people in my group and some people in Digital1 domain to read and
execute the pages.
3. Under User Manager for Domain, setup all the people which I
mentioned to have the right "Log on locally"
4. In IIS setup, I checked the anonymous login, bacic authentic, and
Windows NT Challege/Responsive check boxs and open the directory
browsing.
That's all. Then the story begins. ;-( I am in Digital3 domain, so
when everyone in my group want to access the restricted pages, the
browser will ask to enter username and password, the user locally will
gain the right to access the pages, there is no problem here. Then,
someone in Digital3 try to access the pages, but what he got is an
access denied dialog box. I am not sure what happen here, so I checked
the log files generated by IIS, it indicated that the user had been
authorized, say, I did see the user in Digital1 in the log file and
then try to get the protected file.
IMHO, IIS did process the user request, and let the user "log on
locally", but something wrong when the "user" try to access the
protected page. That's the question.
BTW, the restricted area is a directory, I am just letting users to
browsing the directory, is it a matter?
Thanks in advance.
-Double Chiang
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 5988.1 | It works for me | HLFS00::ERIC_S | Eric Sonneveld MCS - B.O. IS Holland | Fri May 09 1997 00:51 | 42 |
> That's all. Then the story begins. ;-( I am in Digital3 domain, so > when everyone in my group want to access the restricted pages, the > browser will ask to enter username and password, the user locally will > gain the right to access the pages, there is no problem here. Then, > someone in Digital3 try to access the pages, but what he got is an > access denied dialog box. I am not sure what happen here, so I checked > the log files generated by IIS, it indicated that the user had been > authorized, say, I did see the user in Digital1 in the log file and > then try to get the protected file. > > IMHO, IIS did process the user request, and let the user "log on > locally", but something wrong when the "user" try to access the > protected page. That's the question. > > BTW, the restricted area is a directory, I am just letting users to > browsing the directory, is it a matter? > I've had the same husle to get our IIS secure running. I also did need a secure WEBsever. This is what I did: (I use Frontpage btw) Setup the IIS with basic (for Netscape client browsers) and Nt/ challange (for MIE client browsers) security - no allow anonnimous. Setup a trust relation from our resource domain with digital1/2/3 Setup restricted WEB using the 'public' parts of the webpages using digital1/2/3 - domain users browse access (in nt this revials as special access for browse users: RWD - access ) Setup login local right for DIGITAL1/2/3 domain users (this can not be avoided - but the console of the system is in a secured area...) The restricted webpages are in special webs and have the authorised users only on the browse list. Using this setup we can allow users to certain WEB reports with restircted access. MIE users do not need to give the credials 'when they did configure the browser correctly': in proxy access setup *.dec.com in the box exception for proxy server adresses. (only mark the intranet box is not sufficient) Netscape users need to supply the credential as domain\username (eg digital2\jansen) Eric | |||||