|
Home > Archive > IIS Server Security > September 2004 > Client Access
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| Guys,
Recently I had to disable remote access to my webserver.
I left all the security permissions in place, just
disallowed non-local access. It was a simple setting
change.
However, now I can't turn remote access back on. I
haven't been able to find the setting again.
Please help!
Simon.
| |
| Miha Pihler 2004-09-02, 6:45 pm |
| Simon,
What do you mean by remote access? Do you mean RDP (Remote Desktop)
access... Can you give more information (be more specific).
Mike
"Simon" <anonymous@discussions.microsoft.com> wrote in message
news:4a8401c490b8$bea800c0$a301280a@phx.gbl...
> Guys,
>
> Recently I had to disable remote access to my webserver.
> I left all the security permissions in place, just
> disallowed non-local access. It was a simple setting
> change.
>
> However, now I can't turn remote access back on. I
> haven't been able to find the setting again.
>
> Please help!
>
> Simon.
>
>
| |
|
| Mike,
Not Remote Desktop, remote connections might be a better
way to put it. Basically, attempts to use IE to browse
the website are refused. The user has permission to
access the website, but the server refuses them.
I'm running my website on Win2003 Server, and with the
access denied the remotee gets the below message.
Simon.
You are not authorized to view this page
You do not have permission to view this directory or page
using the credentials that you supplied because your Web
browser is sending a WWW-Authenticate header field that
the Web server is not configured to accept.
-----------------------------------------------------------
---------------------
Please try the following:
Contact the Web site administrator if you believe you
should be able to view this directory or page.
Click the Refresh button to try again with different
credentials.
HTTP Error 401.2 - Unauthorized: Access is denied due to
server configuration.
Internet Information Services (IIS)
-----------------------------------------------------------
---------------------
Technical Information (for support personnel)
Go to Microsoft Product Support Services and perform a
title search for the words HTTP and 401.
Open IIS Help, which is accessible in IIS Manager
(inetmgr), and search for topics titled About Security,
Authentication, and About Custom Error Messages.
| |
| Miha Pihler 2004-09-03, 2:56 am |
| How is authentication set on IIS? Anonymous or something else? How about
NTFS permission? Do users have NTFS permissions to read files on server?
(IIS will honor NTFS permissions)
Mike
"Simon" <anonymous@discussions.microsoft.com> wrote in message
news:523601c4913e$379f8ea0$a501280a@phx.gbl...
> Mike,
>
> Not Remote Desktop, remote connections might be a better
> way to put it. Basically, attempts to use IE to browse
> the website are refused. The user has permission to
> access the website, but the server refuses them.
>
> I'm running my website on Win2003 Server, and with the
> access denied the remotee gets the below message.
>
> Simon.
>
>
>
> You are not authorized to view this page
> You do not have permission to view this directory or page
> using the credentials that you supplied because your Web
> browser is sending a WWW-Authenticate header field that
> the Web server is not configured to accept.
> -----------------------------------------------------------
> ---------------------
>
> Please try the following:
>
> Contact the Web site administrator if you believe you
> should be able to view this directory or page.
> Click the Refresh button to try again with different
> credentials.
> HTTP Error 401.2 - Unauthorized: Access is denied due to
> server configuration.
> Internet Information Services (IIS)
>
> -----------------------------------------------------------
> ---------------------
>
> Technical Information (for support personnel)
>
> Go to Microsoft Product Support Services and perform a
> title search for the words HTTP and 401.
> Open IIS Help, which is accessible in IIS Manager
> (inetmgr), and search for topics titled About Security,
> Authentication, and About Custom Error Messages.
>
>
>
| |
|
| NTFS permissins were left "as is", as were IIS
permissions. We don't use Anonymous authentication, as we
required all users to use Integrated authentication.
At the time I was browsing around Computer Management when
I came across an option like "Refuse remote connections",
which disabled the remote users.
I have since done an uninstall and reinstall of IIS, with
comletely fresh directories from InetPub down, and the
problem persists, so this indicates to me that the issues
is above IIS. However, If I tweak Anonymous on, then the
user can connect. It is almost as though the server
says "If Authentication is required, then refuse all
connections."
Simon.
>-----Original Message-----
>How is authentication set on IIS? Anonymous or something
else? How about
>NTFS permission? Do users have NTFS permissions to read
files on server?
>(IIS will honor NTFS permissions)
>
>Mike
>
>"Simon" <anonymous@discussions.microsoft.com> wrote in
message
>news:523601c4913e$379f8ea0$a501280a@phx.gbl...
page[vbcol=seagreen]
---[vbcol=seagreen]
---[vbcol=seagreen]
>
>
>.
>
| |
| Miha Pihler 2004-09-06, 7:51 am |
| Can you check these few things:
Can you open up local policy (Start -> Run -> gpedit.msc -> click OK). Under
Computer Configuration -> Windows Settings -> Security Settings -> Local
Policies -> User Rights Assignment. Here look for "Access this computer from
the network" policy and double click on it. Which users/groups do you have
listed?
Can you enable Basic Authentication for a test and disable Integrated auth.
Try to access the site. Do you get prompted for username and password?
Can you also disable "Show friendly HTTP error Messages" and try to access
the site. What is the exact error that you get.
Mike
"Simon" <anonymous@discussions.microsoft.com> wrote in message
news:01ca01c49399$921c8b00$a401280a@phx.gbl...[vbcol=seagreen]
> NTFS permissins were left "as is", as were IIS
> permissions. We don't use Anonymous authentication, as we
> required all users to use Integrated authentication.
>
> At the time I was browsing around Computer Management when
> I came across an option like "Refuse remote connections",
> which disabled the remote users.
>
> I have since done an uninstall and reinstall of IIS, with
> comletely fresh directories from InetPub down, and the
> problem persists, so this indicates to me that the issues
> is above IIS. However, If I tweak Anonymous on, then the
> user can connect. It is almost as though the server
> says "If Authentication is required, then refuse all
> connections."
>
> Simon.
>
>
>
> else? How about
> files on server?
> message
> page
> ---
> ---
| |
| Miha Pihler 2004-09-10, 5:53 pm |
| Hi Simon,
No, I am still around :-)
Can you try and do this:
Can you enable Basic Authentication (Basic not Anonymous) for a test and
disable Integrated auth. Try to access the site. Do you get prompted for
username and password?
When testing with IE and Integrated Authentication, make sure that URL that
you use is in Local Intranet zone (you can check it by going to the URL and
see on IE Status Bar (bottom right).
Mike
"Simon" <anonymous@discussions.microsoft.com> wrote in message
news:95dc01c4970a$d513ac80$a501280a@phx.gbl...[vbcol=seagreen]
> Mike,
>
> Hope I haven't lost you over the last couple of days.
>
> For users in group policy I get:
>
> Admins
> ASPNET
> Backup Operators
> Everyone
> IUSR...
> IWAM...
> Power Users
> Users
>
>
> For the error message I get "Login Failed for user 'NT
> Authority/Anonymous Login", though I have Anonymous
> disabled.
>
> If I enable Anonymous and disabled Integrated, I can
> access the site without any prompting, though of course
> I'm not identified.
>
> Any further ideas?
>
> Thanks,
> Simon.
>
>
> Settings -> Local
> this computer from
> users/groups do you have
> disable Integrated auth.
> and password?
> and try to access
> message
> we
> when
> connections",
> with
> issues
> the
> something
> better
> browse
> the
> Web
> that
> ---
> due to
> ---
> a
> Security,
| |
|
| Hi again, Mike,
Okay, with *Basic* authentication I do get prompted for a
username and password.
And yes, the URL is listed in the Local Intranet zone.
Thanks,
Simon.
>-----Original Message-----
>Hi Simon,
>
>No, I am still around :-)
>
>Can you try and do this:
>
>Can you enable Basic Authentication (Basic not Anonymous)
for a test and
>disable Integrated auth. Try to access the site. Do you
get prompted for
>username and password?
>
>When testing with IE and Integrated Authentication, make
sure that URL that
>you use is in Local Intranet zone (you can check it by
going to the URL and
>see on IE Status Bar (bottom right).
>
>Mike
>
>"Simon" <anonymous@discussions.microsoft.com> wrote in
message
>news:95dc01c4970a$d513ac80$a501280a@phx.gbl...
gpedit.msc -[vbcol=seagreen]
for "Access[vbcol=seagreen]
username[vbcol=seagreen]
Messages"[vbcol=seagreen]
as[vbcol=seagreen]
the[vbcol=seagreen]
read[vbcol=seagreen]
in[vbcol=seagreen]
to[vbcol=seagreen]
or[vbcol=seagreen]
your[vbcol=seagreen]
---[vbcol=seagreen]
you[vbcol=seagreen]
different[vbcol=seagreen]
---[vbcol=seagreen]
perform[vbcol=seagreen]
>
>
>.
>
| |
| Miha Pihler 2004-09-13, 2:50 am |
| Simon,
Can you check this in your browser on the client. Open IE and go to Tools ->
Internet Options -> Advanced. Here look for "Enable Integrated Windows
Authentication" and make sure it is selected.
If it is selected remove the checkmark, reboot and try then try...
Mike
"Simon" <anonymous@discussions.microsoft.com> wrote in message
news:0ced01c4991e$caae84c0$a501280a@phx.gbl...[vbcol=seagreen]
> Hi again, Mike,
>
> Okay, with *Basic* authentication I do get prompted for a
> username and password.
>
> And yes, the URL is listed in the Local Intranet zone.
>
> Thanks,
> Simon.
>
>
> for a test and
> get prompted for
> sure that URL that
> going to the URL and
> message
> gpedit.msc -
> for "Access
> username
> Messages"
> as
> the
> read
> in
> to
> or
> your
> ---
> you
> different
> ---
> perform
|
|
|
|
|