|
Home > Archive > IIS Server Security > July 2004 > Domain?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| Hi all,
I'm trying to use my standalone PC as a web server I stopped anonymous
access to the site and created a user for integrated windows security to
use. This is all fine... however if somebody trys to access my site from
within a domain it asks them for a domain, what do you put in there? I have
tried my computer name but it still doesn't work. (that was the only thing I
could think of)
thanks
Gav
| |
| Jeff Cochran 2004-07-14, 5:54 pm |
| On Wed, 14 Jul 2004 10:42:25 +0100, "Gav" <spam@spam.com> wrote:
>I'm trying to use my standalone PC as a web server I stopped anonymous
>access to the site and created a user for integrated windows security to
>use. This is all fine... however if somebody trys to access my site from
>within a domain it asks them for a domain, what do you put in there? I have
>tried my computer name but it still doesn't work. (that was the only thing I
>could think of)
Your workgroup or domain name (depending on whether you're in a
workgroup or domain).
Jeff
| |
| Wei-Dong XU [MSFT] 2004-07-15, 2:49 am |
| Hi Gav,
I agree with Jeff. Since you wrote "standalone PC" in the post, I'd also
suggest please check whether your box is added in the intranet domain.
Expect to your reply!
Best Regards,
Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
| |
|
| My computer is in a workgroup and is connected directly to the net. I tried
from a computer within a domain (not mine completely seperate) accessing the
website and put in the workgroup name and I still could not access the page.
So, so far in the domain field i have tried:
Leaving it blank
My computer name
My workgroup name
none of these allow me access to the site from a computer that is part of a
domain.
Any futher help would be great thanks
"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
news:40fd459b.4342784@msnews.microsoft.com...
> On Wed, 14 Jul 2004 10:42:25 +0100, "Gav" <spam@spam.com> wrote:
>
have[vbcol=seagreen]
thing I[vbcol=seagreen]
>
> Your workgroup or domain name (depending on whether you're in a
> workgroup or domain).
>
> Jeff
| |
| Wei-Dong XU [MSFT] 2004-07-16, 7:50 am |
| Hi Gav,
I'd suggest you can add this box into the domain. So when your logon to the
box as domain account, your box will communicate with Domain Controller to
decide the user identity.
Please feel free to let me know if you have any further question.
Best Regards,
Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
| |
| Wei-Dong XU [MSFT] 2004-07-20, 2:52 am |
| Dear Gav,
Integrated Windows authentication is a secure form of authentication
because the user name and password are hashed before being sent across the
network.
There are two scenarios for using only this authentication method:
1. not added into the domain
The client should use the windows account of that box to logon. If we use
the domain account for this box, the server will report error for it
doesn't where it should check the domain account. Even if you connect the
box in the same networking which has one domain, since the box has been
added into the domain, the domain controller will not provide the domain
account informaiton for the box for authentication.
2. added into the domain
The client can use the domain accounts for the logon. At this scenario, the
IIS server will validate the user account with the help of domain controller
So for your scenario, I'd suggest you can add this box into the domain.
Please feel free to let me know if you have any further question.
Best Regards,
Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
| |
| Wei-Dong XU [MSFT] 2004-07-22, 2:50 am |
| Hi Gav,
I don't know whether your issue has been resolved.
For your original question,
"however if somebody trys to access my site from within a domain it asks
them for a domain, what do you put in there?"
When your box hasn't been added into the domain and your site is configured
as integrated windows authentication, you will need to use the windows
accounts of your box to logon. For exapmle, if your box has the name
"testserver" and there is one valid user account "test", when you browse to
the site, the logon window pops up, you can input "testserver\test" with
correponding password to logon; or you can directly type "test" in the user
account text box with the password to logon.
At this scenario, Window integratred authentication method will only check
the validation of this account in the windows account database. Since this
box is not added into the domain, it will not find the validation
information regarding the domain account, so all the domain account logon
will be denied. For domain scenario, you will need to add the box into the
domian.
Please feel free to let me know if you have any further question.
Best Regards,
Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
| |
| Yan-Hong Huang[MSFT] 2004-07-23, 2:49 am |
| Hi Gav,
I was reviewing the issue thread. Weidong has replied with several posts.
If there is anything unclear, please feel free to post here and we will
follow up.
Thanks very much for participating the community.
Best regards,
Yanhong Huang
Microsoft Community Support
Get Secure! ¨C www.microsoft.com/security
Register to Access MSDN Managed Newsgroups!
-http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.as
p&SD=msdn
This posting is provided "AS IS" with no warranties, and confers no rights.
|
|
|
|
|