|
Home > Archive > IIS Server Security > March 2004 > Authentication troubles
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Authentication troubles
|
|
|
| I have a web folder setup on IIS 5 on Win 2K server. The authentication
level is set to Integrated Windows Authentication, and I do not allow
anonymous access. It wouldn't matter if I did, because the folder and it's
contents have specific NTFS permissions. This has been working well for all
clients accessing it until now.
One client is running Win 98 se with IE 5.5 SP2 - current on all patches.
When the user tries to connect from that machine using IE, he gets prompted
three times for a username and password, then it gives the "You are not
authorized to view this page" message in IE. When he tries to add the web
folder in Windows Explorer, he gets prompted three times, then gets the
message, "You do not have permission to access this web folder location."
All I get in the IIS log is a 401 entry, but no error messages or indication
of what is happening.
When I switch the authentication to Basic, he is able to logon just fine.
It appears that the username is not being received correctly by IIS because
he is not able to lock out the account after enough tries with an
intentionally wrong password (but it can be done by a client that is able to
logon normally).
He is running Roadrunner-provided hi-speed internet with Norton Personal
Firewall. He has tried with the firewall software disabled, but that did
not work. I have verified that the server will accept LM, NTLM, and NTLM
v.2 requests. I have verified his IE Security and Advanced settings with a
similar client that is able to logon correctly. I am running out of ideas.
The only thing I can figure is that Roadrunner may have something in their
setup that is not allowing this to function - but that seems like a
longshot.
Although I have found several posts dealing with Integrated Windows
Authentication and logon failures, I have not found any that solve or
explain my circumstance. Any help would be greatly appreciated.
One side note about the IIS logs - when it logs his attempt to connect,
his client information is listed as
(compatible;+MSIE+5.5;+Windows+98;+T312461). I looked up the T312461
because it doesn't show up on any other clients that I've seen, even if they
are current on MS patches. It does not appear to be part of the
authentication problem, but I'm including it just in case it sticks out to
someone.
Thanks for your help,
Jerry
| |
| Ken Schaefer 2004-03-22, 10:34 pm |
| a) NTLM v2 authentication does not work through most proxy servers, because
it requires an open end-to-end connection between server and client for a
couple of back-and-forward messages. If there is a proxy server between him
and your server, NTLM v2 authentication will most likely fail
b) Ensure that he is including the appropriate Domain Name in the user
crentials: Domain\Username, otherwise IIS will use the local machine, i.e.
assume that the user wants WebServerName\UserName which may not be a valid
account.
Cheers
Ken
"Jerry" <jerry.giacinto@ketteng.com.nospam.com> wrote in message
news:%232d11lGEEHA.2908@TK2MSFTNGP09.phx.gbl...
: I have a web folder setup on IIS 5 on Win 2K server. The authentication
: level is set to Integrated Windows Authentication, and I do not allow
: anonymous access. It wouldn't matter if I did, because the folder and
it's
: contents have specific NTFS permissions. This has been working well for
all
: clients accessing it until now.
:
: One client is running Win 98 se with IE 5.5 SP2 - current on all
patches.
: When the user tries to connect from that machine using IE, he gets
prompted
: three times for a username and password, then it gives the "You are not
: authorized to view this page" message in IE. When he tries to add the web
: folder in Windows Explorer, he gets prompted three times, then gets the
: message, "You do not have permission to access this web folder location."
: All I get in the IIS log is a 401 entry, but no error messages or
indication
: of what is happening.
:
: When I switch the authentication to Basic, he is able to logon just
fine.
: It appears that the username is not being received correctly by IIS
because
: he is not able to lock out the account after enough tries with an
: intentionally wrong password (but it can be done by a client that is able
to
: logon normally).
:
: He is running Roadrunner-provided hi-speed internet with Norton Personal
: Firewall. He has tried with the firewall software disabled, but that did
: not work. I have verified that the server will accept LM, NTLM, and NTLM
: v.2 requests. I have verified his IE Security and Advanced settings with
a
: similar client that is able to logon correctly. I am running out of
ideas.
: The only thing I can figure is that Roadrunner may have something in their
: setup that is not allowing this to function - but that seems like a
: longshot.
:
: Although I have found several posts dealing with Integrated Windows
: Authentication and logon failures, I have not found any that solve or
: explain my circumstance. Any help would be greatly appreciated.
:
: One side note about the IIS logs - when it logs his attempt to connect,
: his client information is listed as
: (compatible;+MSIE+5.5;+Windows+98;+T312461). I looked up the T312461
: because it doesn't show up on any other clients that I've seen, even if
they
: are current on MS patches. It does not appear to be part of the
: authentication problem, but I'm including it just in case it sticks out to
: someone.
:
: Thanks for your help,
: Jerry
:
:
| |
| Bernard 2004-03-23, 1:34 am |
| If user are coming from the internet, I would suggest you configured Basic
Auth with SSL.
--
Regards,
Bernard Cheah
http://support.microsoft.com/
http://www.msmvps.com/bernard/
"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:eyehAOIEEHA.3372@TK2MSFTNGP10.phx.gbl...
> a) NTLM v2 authentication does not work through most proxy servers,
because
> it requires an open end-to-end connection between server and client for a
> couple of back-and-forward messages. If there is a proxy server between
him
> and your server, NTLM v2 authentication will most likely fail
>
> b) Ensure that he is including the appropriate Domain Name in the user
> crentials: Domain\Username, otherwise IIS will use the local machine, i.e.
> assume that the user wants WebServerName\UserName which may not be a valid
> account.
>
> Cheers
> Ken
>
> "Jerry" <jerry.giacinto@ketteng.com.nospam.com> wrote in message
> news:%232d11lGEEHA.2908@TK2MSFTNGP09.phx.gbl...
> : I have a web folder setup on IIS 5 on Win 2K server. The
authentication
> : level is set to Integrated Windows Authentication, and I do not allow
> : anonymous access. It wouldn't matter if I did, because the folder and
> it's
> : contents have specific NTFS permissions. This has been working well for
> all
> : clients accessing it until now.
> :
> : One client is running Win 98 se with IE 5.5 SP2 - current on all
> patches.
> : When the user tries to connect from that machine using IE, he gets
> prompted
> : three times for a username and password, then it gives the "You are not
> : authorized to view this page" message in IE. When he tries to add the
web
> : folder in Windows Explorer, he gets prompted three times, then gets the
> : message, "You do not have permission to access this web folder
location."
> : All I get in the IIS log is a 401 entry, but no error messages or
> indication
> : of what is happening.
> :
> : When I switch the authentication to Basic, he is able to logon just
> fine.
> : It appears that the username is not being received correctly by IIS
> because
> : he is not able to lock out the account after enough tries with an
> : intentionally wrong password (but it can be done by a client that is
able
> to
> : logon normally).
> :
> : He is running Roadrunner-provided hi-speed internet with Norton
Personal
> : Firewall. He has tried with the firewall software disabled, but that
did
> : not work. I have verified that the server will accept LM, NTLM, and
NTLM
> : v.2 requests. I have verified his IE Security and Advanced settings
with
> a
> : similar client that is able to logon correctly. I am running out of
> ideas.
> : The only thing I can figure is that Roadrunner may have something in
their
> : setup that is not allowing this to function - but that seems like a
> : longshot.
> :
> : Although I have found several posts dealing with Integrated Windows
> : Authentication and logon failures, I have not found any that solve or
> : explain my circumstance. Any help would be greatly appreciated.
> :
> : One side note about the IIS logs - when it logs his attempt to
connect,
> : his client information is listed as
> : (compatible;+MSIE+5.5;+Windows+98;+T312461). I looked up the T312461
> : because it doesn't show up on any other clients that I've seen, even if
> they
> : are current on MS patches. It does not appear to be part of the
> : authentication problem, but I'm including it just in case it sticks out
to
> : someone.
> :
> : Thanks for your help,
> : Jerry
> :
> :
>
>
| |
| Jerry 2004-03-23, 10:37 am |
| Thanks for your responses, Ken and Bernard.
I don't think that he is using NTLM v.2, but I'm really not sure how to
tell. The reason I think that he's not is because I know it's not "default"
behavior for Win 9x clients, and I setup his computer to begin with.
However, one of my tests was to enable NTLM v.2 per MS KB Q239869
(http://support.microsoft.com/defaul...b;en-us;Q239869). When
that didn't work, I removed the registry change that forced NTLM v.2. Now
that I think of it, I never tried the setting to force LM and NTLM only -
may be worth a shot.
I should've mentioned that the web server is not part of a domain. Good
idea, though.
As for SSL, I actually would prefer that myself. Is the only way to
enable SSL to purchase a security certificate from a company such as
Verisign? And, if so, once I have the certificate, how do I apply it just
to the Virtual Directory in IIS (the web folder)? When I view the
properties for the virtual directory, the Server Certificate button is
grayed out. Currently, the web folder is a virtual directory under the
actual website. So users access it as www.domainname.com/webfolder, for
example. I think that's the only way for me to set it up. I guess I would
apply the certificate at the site level and require secure communications at
the web folder level?
Thanks and best regards,
Jerry
"Bernard" <qbernard@hotmail.com.discuss> wrote in message
news:e1MRgvJEEHA.3980@TK2MSFTNGP09.phx.gbl...
> If user are coming from the internet, I would suggest you configured Basic
> Auth with SSL.
>
> --
> Regards,
> Bernard Cheah
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
> "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> news:eyehAOIEEHA.3372@TK2MSFTNGP10.phx.gbl...
> because
a[color=darkred]
> him
i.e.[color=darkred]
valid[color=darkred]
> authentication
for[color=darkred]
not[color=darkred]
> web
the[color=darkred]
> location."
> able
> Personal
> did
> NTLM
> with
> their
> connect,
if[color=darkred]
out[color=darkred]
> to
>
>
| |
| Ken Schaefer 2004-03-23, 8:35 pm |
| Hi Jerry,
Integrated Windows Authentication offers two authentication mechanisms:
a) Kerberos (not supported by Windows 9x)
-and-
b) NTLM v2
If you have enabled IWA, then the Win95 client can not be used Kerberos
(unless you've installed the separate AD client as well. Additionally,
Kerberos authentication requires that the client be able to contact the
Domain Controllers directly, which is unlikely)
So, I think you are using NTLM v2. Note, I'm pretty sure NTLM v2 includes
support for NTLM (unless you disable this manually, eg by switching to
Windows 2000 Native Mode on your DCs, or by setting a reg key on stand-alone
servers).
You can either get a cert from a commerical authority, or use Microsoft
Certificate Services (or you own CA software). However, in order for users
not to get a warning about the validity of the cert, they will need to trust
the CA (eg by importing the CA's root certificate - possible to do in an
intranet/extranet scenario - not so feasible if this is a public website
viewable by the public at large), or you need to use a commercial provider
like Thawte or Verisign, where the browser already has trust for the CA
built-in by the manufacturer (eg Microsoft).
Follow this if you want to setup SSL using MS Cert Services:
http://support.microsoft.com/?id=299525
Cheers
Ken
"Jerry" <jerry.giacinto@ketteng.com.nospam.com> wrote in message
news:e7CJXeOEEHA.2564@TK2MSFTNGP11.phx.gbl...
: Thanks for your responses, Ken and Bernard.
:
: I don't think that he is using NTLM v.2, but I'm really not sure how to
: tell. The reason I think that he's not is because I know it's not
"default"
: behavior for Win 9x clients, and I setup his computer to begin with.
: However, one of my tests was to enable NTLM v.2 per MS KB Q239869
: (http://support.microsoft.com/defaul...b;en-us;Q239869). When
: that didn't work, I removed the registry change that forced NTLM v.2. Now
: that I think of it, I never tried the setting to force LM and NTLM only -
: may be worth a shot.
:
: I should've mentioned that the web server is not part of a domain. Good
: idea, though.
:
: As for SSL, I actually would prefer that myself. Is the only way to
: enable SSL to purchase a security certificate from a company such as
: Verisign? And, if so, once I have the certificate, how do I apply it just
: to the Virtual Directory in IIS (the web folder)? When I view the
: properties for the virtual directory, the Server Certificate button is
: grayed out. Currently, the web folder is a virtual directory under the
: actual website. So users access it as www.domainname.com/webfolder, for
: example. I think that's the only way for me to set it up. I guess I
would
: apply the certificate at the site level and require secure communications
at
: the web folder level?
:
: Thanks and best regards,
: Jerry
:
: "Bernard" <qbernard@hotmail.com.discuss> wrote in message
: news:e1MRgvJEEHA.3980@TK2MSFTNGP09.phx.gbl...
: > If user are coming from the internet, I would suggest you configured
Basic
: > Auth with SSL.
: >
: > --
: > Regards,
: > Bernard Cheah
: > http://support.microsoft.com/
: > http://www.msmvps.com/bernard/
: >
: >
: > "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
: > news:eyehAOIEEHA.3372@TK2MSFTNGP10.phx.gbl...
: > > a) NTLM v2 authentication does not work through most proxy servers,
: > because
: > > it requires an open end-to-end connection between server and client
for
: a
: > > couple of back-and-forward messages. If there is a proxy server
between
: > him
: > > and your server, NTLM v2 authentication will most likely fail
: > >
: > > b) Ensure that he is including the appropriate Domain Name in the user
: > > crentials: Domain\Username, otherwise IIS will use the local machine,
: i.e.
: > > assume that the user wants WebServerName\UserName which may not be a
: valid
: > > account.
: > >
: > > Cheers
: > > Ken
: > >
: > > "Jerry" <jerry.giacinto@ketteng.com.nospam.com> wrote in message
: > > news:%232d11lGEEHA.2908@TK2MSFTNGP09.phx.gbl...
: > > : I have a web folder setup on IIS 5 on Win 2K server. The
: > authentication
: > > : level is set to Integrated Windows Authentication, and I do not
allow
: > > : anonymous access. It wouldn't matter if I did, because the folder
and
: > > it's
: > > : contents have specific NTFS permissions. This has been working well
: for
: > > all
: > > : clients accessing it until now.
: > > :
: > > : One client is running Win 98 se with IE 5.5 SP2 - current on all
: > > patches.
: > > : When the user tries to connect from that machine using IE, he gets
: > > prompted
: > > : three times for a username and password, then it gives the "You are
: not
: > > : authorized to view this page" message in IE. When he tries to add
the
: > web
: > > : folder in Windows Explorer, he gets prompted three times, then gets
: the
: > > : message, "You do not have permission to access this web folder
: > location."
: > > : All I get in the IIS log is a 401 entry, but no error messages or
: > > indication
: > > : of what is happening.
: > > :
: > > : When I switch the authentication to Basic, he is able to logon
just
: > > fine.
: > > : It appears that the username is not being received correctly by IIS
: > > because
: > > : he is not able to lock out the account after enough tries with an
: > > : intentionally wrong password (but it can be done by a client that is
: > able
: > > to
: > > : logon normally).
: > > :
: > > : He is running Roadrunner-provided hi-speed internet with Norton
: > Personal
: > > : Firewall. He has tried with the firewall software disabled, but
that
: > did
: > > : not work. I have verified that the server will accept LM, NTLM, and
: > NTLM
: > > : v.2 requests. I have verified his IE Security and Advanced settings
: > with
: > > a
: > > : similar client that is able to logon correctly. I am running out of
: > > ideas.
: > > : The only thing I can figure is that Roadrunner may have something in
: > their
: > > : setup that is not allowing this to function - but that seems like a
: > > : longshot.
: > > :
: > > : Although I have found several posts dealing with Integrated
Windows
: > > : Authentication and logon failures, I have not found any that solve
or
: > > : explain my circumstance. Any help would be greatly appreciated.
: > > :
: > > : One side note about the IIS logs - when it logs his attempt to
: > connect,
: > > : his client information is listed as
: > > : (compatible;+MSIE+5.5;+Windows+98;+T312461). I looked up the
T312461
: > > : because it doesn't show up on any other clients that I've seen, even
: if
: > > they
: > > : are current on MS patches. It does not appear to be part of the
: > > : authentication problem, but I'm including it just in case it sticks
: out
: > to
: > > : someone.
: > > :
: > > : Thanks for your help,
: > > : Jerry
: > > :
: > > :
: > >
: > >
: >
: >
:
:
| |
| Jerry 2004-03-24, 10:40 am |
| Ken,
Thanks again for the helpful information!
I have used Verisign in the past to purchase certificates for an Outlook
Web Access site. You are correct that I would prefer to use a certificate
that the browsers already trust. Is this the case with certificates created
using Microsoft's Certificate Services? (i.e., do browsers already trust
those certificates?) I'll look into it today to see if I can find an
answer. Of course, you have to purchase a certificate from Verisign, but
I'd have to read up on what the cost gets you that using MS Certificate
Services doesn't.
Thank you again,
Jerry
"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:OYbiM1TEEHA.2308@tk2msftngp13.phx.gbl...
> Hi Jerry,
>
> Integrated Windows Authentication offers two authentication mechanisms:
> a) Kerberos (not supported by Windows 9x)
> -and-
> b) NTLM v2
>
> If you have enabled IWA, then the Win95 client can not be used Kerberos
> (unless you've installed the separate AD client as well. Additionally,
> Kerberos authentication requires that the client be able to contact the
> Domain Controllers directly, which is unlikely)
>
> So, I think you are using NTLM v2. Note, I'm pretty sure NTLM v2 includes
> support for NTLM (unless you disable this manually, eg by switching to
> Windows 2000 Native Mode on your DCs, or by setting a reg key on
stand-alone
> servers).
>
> You can either get a cert from a commerical authority, or use Microsoft
> Certificate Services (or you own CA software). However, in order for users
> not to get a warning about the validity of the cert, they will need to
trust
> the CA (eg by importing the CA's root certificate - possible to do in an
> intranet/extranet scenario - not so feasible if this is a public website
> viewable by the public at large), or you need to use a commercial provider
> like Thawte or Verisign, where the browser already has trust for the CA
> built-in by the manufacturer (eg Microsoft).
>
> Follow this if you want to setup SSL using MS Cert Services:
> http://support.microsoft.com/?id=299525
>
> Cheers
> Ken
>
>
> "Jerry" <jerry.giacinto@ketteng.com.nospam.com> wrote in message
> news:e7CJXeOEEHA.2564@TK2MSFTNGP11.phx.gbl...
> : Thanks for your responses, Ken and Bernard.
> :
> : I don't think that he is using NTLM v.2, but I'm really not sure how
to
> : tell. The reason I think that he's not is because I know it's not
> "default"
> : behavior for Win 9x clients, and I setup his computer to begin with.
> : However, one of my tests was to enable NTLM v.2 per MS KB Q239869
> : (http://support.microsoft.com/defaul...b;en-us;Q239869). When
> : that didn't work, I removed the registry change that forced NTLM v.2.
Now
> : that I think of it, I never tried the setting to force LM and NTLM
only -
> : may be worth a shot.
> :
> : I should've mentioned that the web server is not part of a domain.
Good
> : idea, though.
> :
> : As for SSL, I actually would prefer that myself. Is the only way to
> : enable SSL to purchase a security certificate from a company such as
> : Verisign? And, if so, once I have the certificate, how do I apply it
just
> : to the Virtual Directory in IIS (the web folder)? When I view the
> : properties for the virtual directory, the Server Certificate button is
> : grayed out. Currently, the web folder is a virtual directory under the
> : actual website. So users access it as www.domainname.com/webfolder, for
> : example. I think that's the only way for me to set it up. I guess I
> would
> : apply the certificate at the site level and require secure
communications
> at
> : the web folder level?
> :
> : Thanks and best regards,
> : Jerry
> :
> : "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> : news:e1MRgvJEEHA.3980@TK2MSFTNGP09.phx.gbl...
> : > If user are coming from the internet, I would suggest you configured
> Basic
> : > Auth with SSL.
> : >
> : > --
> : > Regards,
> : > Bernard Cheah
> : > http://support.microsoft.com/
> : > http://www.msmvps.com/bernard/
> : >
> : >
> : > "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> : > news:eyehAOIEEHA.3372@TK2MSFTNGP10.phx.gbl...
> : > > a) NTLM v2 authentication does not work through most proxy servers,
> : > because
> : > > it requires an open end-to-end connection between server and client
> for
> : a
> : > > couple of back-and-forward messages. If there is a proxy server
> between
> : > him
> : > > and your server, NTLM v2 authentication will most likely fail
> : > >
> : > > b) Ensure that he is including the appropriate Domain Name in the
user
> : > > crentials: Domain\Username, otherwise IIS will use the local
machine,
> : i.e.
> : > > assume that the user wants WebServerName\UserName which may not be a
> : valid
> : > > account.
> : > >
> : > > Cheers
> : > > Ken
> : > >
> : > > "Jerry" <jerry.giacinto@ketteng.com.nospam.com> wrote in message
> : > > news:%232d11lGEEHA.2908@TK2MSFTNGP09.phx.gbl...
> : > > : I have a web folder setup on IIS 5 on Win 2K server. The
> : > authentication
> : > > : level is set to Integrated Windows Authentication, and I do not
> allow
> : > > : anonymous access. It wouldn't matter if I did, because the folder
> and
> : > > it's
> : > > : contents have specific NTFS permissions. This has been working
well
> : for
> : > > all
> : > > : clients accessing it until now.
> : > > :
> : > > : One client is running Win 98 se with IE 5.5 SP2 - current on all
> : > > patches.
> : > > : When the user tries to connect from that machine using IE, he gets
> : > > prompted
> : > > : three times for a username and password, then it gives the "You
are
> : not
> : > > : authorized to view this page" message in IE. When he tries to add
> the
> : > web
> : > > : folder in Windows Explorer, he gets prompted three times, then
gets
> : the
> : > > : message, "You do not have permission to access this web folder
> : > location."
> : > > : All I get in the IIS log is a 401 entry, but no error messages or
> : > > indication
> : > > : of what is happening.
> : > > :
> : > > : When I switch the authentication to Basic, he is able to logon
> just
> : > > fine.
> : > > : It appears that the username is not being received correctly by
IIS
> : > > because
> : > > : he is not able to lock out the account after enough tries with an
> : > > : intentionally wrong password (but it can be done by a client that
is
> : > able
> : > > to
> : > > : logon normally).
> : > > :
> : > > : He is running Roadrunner-provided hi-speed internet with Norton
> : > Personal
> : > > : Firewall. He has tried with the firewall software disabled, but
> that
> : > did
> : > > : not work. I have verified that the server will accept LM, NTLM,
and
> : > NTLM
> : > > : v.2 requests. I have verified his IE Security and Advanced
settings
> : > with
> : > > a
> : > > : similar client that is able to logon correctly. I am running out
of
> : > > ideas.
> : > > : The only thing I can figure is that Roadrunner may have something
in
> : > their
> : > > : setup that is not allowing this to function - but that seems like
a
> : > > : longshot.
> : > > :
> : > > : Although I have found several posts dealing with Integrated
> Windows
> : > > : Authentication and logon failures, I have not found any that solve
> or
> : > > : explain my circumstance. Any help would be greatly appreciated.
> : > > :
> : > > : One side note about the IIS logs - when it logs his attempt to
> : > connect,
> : > > : his client information is listed as
> : > > : (compatible;+MSIE+5.5;+Windows+98;+T312461). I looked up the
> T312461
> : > > : because it doesn't show up on any other clients that I've seen,
even
> : if
> : > > they
> : > > : are current on MS patches. It does not appear to be part of the
> : > > : authentication problem, but I'm including it just in case it
sticks
> : out
> : > to
> : > > : someone.
> : > > :
> : > > : Thanks for your help,
> : > > : Jerry
> : > > :
> : > > :
> : > >
> : > >
> : >
> : >
> :
> :
>
>
| |
| Jerry 2004-03-24, 10:40 am |
| Looks like I found a post that says you do need to purchase a certificate
from a provider in order to have the built in trust. It only makes sense,
but you never know.
Jerry
"Jerry" <jerry.giacinto@ketteng.com.nospam.com> wrote in message
news:OYDXaCbEEHA.3872@tk2msftngp13.phx.gbl...
> Ken,
>
> Thanks again for the helpful information!
>
> I have used Verisign in the past to purchase certificates for an Outlook
> Web Access site. You are correct that I would prefer to use a certificate
> that the browsers already trust. Is this the case with certificates
created
> using Microsoft's Certificate Services? (i.e., do browsers already trust
> those certificates?) I'll look into it today to see if I can find an
> answer. Of course, you have to purchase a certificate from Verisign, but
> I'd have to read up on what the cost gets you that using MS Certificate
> Services doesn't.
>
> Thank you again,
> Jerry
>
> "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> news:OYbiM1TEEHA.2308@tk2msftngp13.phx.gbl...
includes[color=darkred]
> stand-alone
users[color=darkred]
> trust
provider[color=darkred]
> to
When[color=darkred]
> Now
> only -
> Good
> just
the[color=darkred]
for[color=darkred]
> communications
servers,[color=darkred]
client[color=darkred]
> user
> machine,
a[color=darkred]
folder[color=darkred]
> well
all[color=darkred]
gets[color=darkred]
> are
add[color=darkred]
> gets
or[color=darkred]
> IIS
an[color=darkred]
that[color=darkred]
> is
Norton[color=darkred]
> and
> settings
out[color=darkred]
> of
something[color=darkred]
> in
like[color=darkred]
> a
solve[color=darkred]
> even
> sticks
>
>
|
|
|
|
|