IIS Server Security - Setting up IIS 5 basic authentication properly

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > February 2005 > Setting up IIS 5 basic authentication properly





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Setting up IIS 5 basic authentication properly
Martijn

2005-02-25, 7:54 am

The Digest en Windows authentication of IIS 5 (Win2k) delivered some
problems:
- Mozilla did not work with the Digest Authentication method
- Windows authentication is not working in combination with some
networks/firewalls etc
So I want to switch to to the basic authentication method.

Now I have set up a test site on the Win 2000 server "server01"
- port 8080
- files in wwwroot2 directory
- created user test – is member of webusers groep
- webusers had file access to wwwroot2
- turned IIS authentication to basic; other methods are disabled

Now the test:

- Using IE6, I go to http://server01:8080
- Login with test --> no access
- Add test to the administrators group --> OK, access
- Removing the membership “administrators”
- Closing IE6
- Opening IE6 and login --> still access for user test!
- Restarting server01 --> OK, now test has no access to the test site
- Following this article to give de webusers group local logon rights:
http://support.microsoft.com/kb/220609/EN-US/
- Closing IE6
- Opening IE6 and login --> still NO access for user test
- Check group policy --> the webusers group has local logon rights in
the grp policy, but the effective richt are turned off (Administrators
do have an enabled effective policy here)
- Using the “AD console” to set the local logon rights in the domain policy:

1) run Active Directory Users and Computers
2) get properties of the domain (right clik on domain "domain1.lan")
3) click Group Policy tab
4) Editing the default domain policy
5) Log on locally was empty --> added the webusers group
6) AD console closed

- running CMD file with the commands:

secedit /refreshpolicy user_policy
secedit /refreshpolicy machine_policy

- Checked group policy --> the webusers group has local logon rights in
the grp policy, but the effective richts are still turned off
(Administrators do have an enabled effective policy here)
- Restarting server01
- Checked the policy again --> still not effective & user test had still
no access to http://server01:8080

What is the right way to let basic authentication work properly? Any
suggestions?

Regards,
Martijn
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com