|
Home > Archive > IIS Server Security > January 2006 > NTFS to secure directory in IIS6 not working as expected
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
NTFS to secure directory in IIS6 not working as expected
|
|
|
| I am attempting to secure a directory off a URL (ex.
www.domain.com/dir1/members I have changed the NFTS permissions on the
member (this is not a virutal) directory to remove my anonmyous user and
added a user who has local login rights. When I attempt to access the URL, I
am prompted for a username/password but no matter what u/p I use (including
the local admin), I am not able to gain access to the directory. As soon as
I add the anonymous back, I can access the directory but obviously I am not
prompted to enter u/p. What am I missing? I've done this multiple times on
IIS5 and it worked perfectly.
Thanks in advance...
| |
| David Wang [Msft] 2006-01-14, 7:48 am |
| I suggest the following blog entries on how to troubleshoot:
http://blogs.msdn.com/david.wang/ar...leshooting.aspx
http://blogs.msdn.com/david.wang/ar...ess_Denied.aspx
In particular, you need to look through the log file to determine what error
is getting returned that is causing the user/password prompt where nothing
works, and go from there. I suspect that you have some server-wide
misconfiguration that prevents authentication protocol(s) from working,
hence when you remove anonymous, nothing works. But, the log file will show
this and more, so we need not guess -- which is the worst way to
troubleshoot.
What you want to do works by-default on IIS6 in the same manner as IIS5 -
turn off Anonymous authentication and add required NT user to NTFS ACLs of
resource, and things just automatically work.
Usually when things break like this and the machine is in a Domain or is the
Domain Controller, I suspect some Group Policy Security Lockdown which
removed *some* arbitrary number of user privileges that now break things --
and since it removed arbitrary settings, you need to determine what they are
and reverse the damage.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Troy" <troy@custominet.net> wrote in message
news:CBABF37E-E29D-4062-89FC-B1454D1F5B12@microsoft.com...
>I am attempting to secure a directory off a URL (ex.
> www.domain.com/dir1/members I have changed the NFTS permissions on the
> member (this is not a virutal) directory to remove my anonmyous user and
> added a user who has local login rights. When I attempt to access the
> URL, I
> am prompted for a username/password but no matter what u/p I use
> (including
> the local admin), I am not able to gain access to the directory. As soon
> as
> I add the anonymous back, I can access the directory but obviously I am
> not
> prompted to enter u/p. What am I missing? I've done this multiple times
> on
> IIS5 and it worked perfectly.
>
> Thanks in advance...
|
|
|
|
|