IIS Server Security - Website security

Author

Website security - help with groups

Chas

2004-06-17, 5:56 pm

Hello,

I am devoping a site that will be accessed by internal personnel only.
I have turned on Integrated Windows authentication which is doing a fine job
of authenticating against the AD.

Currently any domain user can access the site if proper credentials are
supplied. What I need to do is lock the site down further, to a specific
group of AD users. I have not had any luck with this and figure that I'm
missing some step between NTFS permissions and site permissions.

If anyone can supply some direction or a link supporting socumentation I'd
appreciate it.

OS: Windows 2003
IIS 6

Thank you

Tom Kaminski [MVP]

2004-06-17, 5:56 pm

"Chas" <nospam@nospam.com> wrote in message
news:%23J2nlyIVEHA.212@TK2MSFTNGP12.phx.gbl...
> Hello,
>
> I am devoping a site that will be accessed by internal personnel only.
> I have turned on Integrated Windows authentication which is doing a fine
job
> of authenticating against the AD.
>
> Currently any domain user can access the site if proper credentials are
> supplied. What I need to do is lock the site down further, to a specific
> group of AD users. I have not had any luck with this and figure that I'm
> missing some step between NTFS permissions and site permissions.
>
> If anyone can supply some direction or a link supporting socumentation I'd
> appreciate it.
>
> OS: Windows 2003
> IIS 6

HOW TO: Configure IIS Web Site Authentication in Windows Server 2003
http://support.microsoft.com/defaul...kb;en-us;324274

IIS 6 Documentation
http://www.microsoft.com/technet/pr...hentication.asp

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsser...ty/centers/iis/
http://mvp.support.microsoft.com/
http://www.iisfaq.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://www.tryiis.com

Chas

2004-06-17, 5:57 pm

Tom,

Thanks for the links. I ended up using the 'How to for 2003' doc but it
wasn't accurate by any means. The direction ask to remove the 'everyone'
group.
The 'everyone' group did not have access to my site. I ended up taking the
'process of elimination' route and just began removing groups until
something worked.

Thanks for posting though.

"Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message
news:casn0j$tt16@kcweb01.netnews.att.com...
> "Chas" <nospam@nospam.com> wrote in message
> news:%23J2nlyIVEHA.212@TK2MSFTNGP12.phx.gbl...
> job
>
> HOW TO: Configure IIS Web Site Authentication in Windows Server 2003
> http://support.microsoft.com/defaul...kb;en-us;324274
>
> IIS 6 Documentation
> http://www.microsoft.com/technet/pr...hentication.asp
>
> --
> Tom Kaminski IIS MVP
> http://www.microsoft.com/windowsser...ty/centers/iis/
> http://mvp.support.microsoft.com/
> http://www.iisfaq.com/
> http://www.iistoolshed.com/ - tools, scripts, and utilities for running
> IIS
> http://www.tryiis.com
>
>

forbesn@chiefind.com

2004-06-28, 7:33 pm

You just have to set up NTLM security now by going to the security tab for the folder where the files are located and then remove "Everyone" from having permissions and add the users/group accounts that you want to get into the page. Give them Read and E
xecute permissions. Also add "SYSTEM" and some sort of administrative group that you are in with Full control and you will have less grief with defrag and Web Publishing.

You may need to move some files to a subfolder if you want "Everyone" to get to some of the web pages but not all.

****************************************
******************************
Sent via Fuzzy Software @ http://www.fuzzysoftware.com/
Comprehensive, categorised, searchable collection of links to ASP & ASP.NET resources...