IIS Server Security - only local admin group works w/ windows authentication

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > June 2007 > only local admin group works w/ windows authentication





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author only local admin group works w/ windows authentication
Phil

2007-06-05, 7:24 pm

Im trying to lock down a directory on my web server with windows
authentication. Permissions on the actual folders are fine. However when Im
prompted for username/pwd only accounts in the local admin group of the
server work. I really do not want to add any more accounts to the local
admin group of this server. Is this something standard with IIS6 or am I
missing something?
Thanks.
ace_away

2007-06-05, 7:24 pm

make sure people are logging in with full domain names... such as:

Name: mycomanydomain/theuserid


"Phil" <Phil@discussions.microsoft.com> wrote in message
news:7C7297D9-A678-4404-9788-38AC3B39477F@microsoft.com...
> Im trying to lock down a directory on my web server with windows
> authentication. Permissions on the actual folders are fine. However when
> Im
> prompted for username/pwd only accounts in the local admin group of the
> server work. I really do not want to add any more accounts to the local
> admin group of this server. Is this something standard with IIS6 or am I
> missing something?
> Thanks.


Roger Abell [MVP]

2007-06-07, 7:17 am

Check the security event log for logon failure messages, and if
needed configure it to record same.
I am guessing that the machine-external accounts you are attempting
to use do not have the needed login rights granted to them. At least,
that is with the assumption that you are saying that domain\account
is not able to login unless added to the IIS servers Administrators
group, that you are not saying you have problems with accounts that
are machine-local to the IIS but not admins.

Roger

"Phil" <Phil@discussions.microsoft.com> wrote in message
news:7C7297D9-A678-4404-9788-38AC3B39477F@microsoft.com...
> Im trying to lock down a directory on my web server with windows
> authentication. Permissions on the actual folders are fine. However when
> Im
> prompted for username/pwd only accounts in the local admin group of the
> server work. I really do not want to add any more accounts to the local
> admin group of this server. Is this something standard with IIS6 or am I
> missing something?
> Thanks.


Phil

2007-06-08, 1:24 pm

Users are definitely logging in that way. Again my account worked because I
was a local admin, but a standard domain user did not work. As soon as I
add that user to local admin group it works.

"ace_away" wrote:

> make sure people are logging in with full domain names... such as:
>
> Name: mycomanydomain/theuserid
>
>
> "Phil" <Phil@discussions.microsoft.com> wrote in message
> news:7C7297D9-A678-4404-9788-38AC3B39477F@microsoft.com...
>
>
>
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com