IIS Server Security - IIS security authentication

Author

IIS security authentication

Happy-One

2007-01-19, 7:29 pm

On our Intranet site I am implementing security. I am using nothing but
Windows Authentication and am having trouble with it prompting for the
username and password on every webpage change and on some pages not allowing
them in event though it is in the same directory and has the same rights. It
only does that when I take the Authenticated User out of the local Users
group. I don't want "Authenticated User" to be a part of the User group
becuase it bypasses security on the rest of the site. They are able to
navigate anyware becuase they are an "Authenticated User". Any Ideas? Am I
clear enough?
Thanks in advance.

Ken Schaefer

2007-01-20, 1:26 am

You should remove Authenticated Users from the NTFS permissions for the
folders/files that comprise the website (and add another group containing
the users you wish to be able to access the site). You should not remove
Authenticate Users Group from the Users group.

Cheers
Ken

"Happy-One" <HappyOne@discussions.microsoft.com> wrote in message
news:08598307-96FD-4532-B274-555CB6C8081F@microsoft.com...
> On our Intranet site I am implementing security. I am using nothing but
> Windows Authentication and am having trouble with it prompting for the
> username and password on every webpage change and on some pages not
> allowing
> them in event though it is in the same directory and has the same rights.
> It
> only does that when I take the Authenticated User out of the local Users
> group. I don't want "Authenticated User" to be a part of the User group
> becuase it bypasses security on the rest of the site. They are able to
> navigate anyware becuase they are an "Authenticated User". Any Ideas? Am
> I
> clear enough?
> Thanks in advance.