I am the network administrator for a company of 50 employees and 10
contractors. The 10 contractors have emails addresses and exist in our
domain.

I would like to be able to restrict the contractors from accessing a
internal webpage. I would easily be able to do this be adding them to
a group and denying the group. I also want the 50 employees to be able
to see the webpage. What is the correct Authentication Method to do
this? I obviously want for the server to contact the DC to see if the
user is allowed to seee the page and if so allow the user to view the
page.

Thanks alot.

Zack

[ Post a follow-up to this message ]

Hi Zack,

What you could do is enable Integrated Windows Authentication and disable
Anonymous Access. Next thing you need to do is edit NTFS permissions on
website content (best to do it on the folder that holds your web data
files). Create a group for the users that need access to this site. Give
this group appropriate permissions (e.g. read). You will also want to grant
less restrictive permissions to the administrator and webmaster. Now if you
set this right your contractors should not see this site (they will be
prompted for username and password, but should not be able to get to the
content of the website).

Note, that if your contractors are members of domain, you can't use Domain
Users, Authenticated Users or Everyone groups for restrictions. They fall
under security context of this groups.

I hope this helps,

Mike

"Zack Schneeberger" <schneebie1@hotmail.com> wrote in message
news:a2aa04c0.0409200818.75bab8b6@posting.google.com...
> I am the network administrator for a company of 50 employees and 10
> contractors. The 10 contractors have emails addresses and exist in our
> domain.
>
> I would like to be able to restrict the contractors from accessing a
> internal webpage. I would easily be able to do this be adding them to
> a group and denying the group. I also want the 50 employees to be able
> to see the webpage. What is the correct Authentication Method to do
> this? I obviously want for the server to contact the DC to see if the
> user is allowed to seee the page and if so allow the user to view the
> page.
>
> Thanks alot.
>
> Zack

[ Post a follow-up to this message ]

"Zack Schneeberger" <schneebie1@hotmail.com> wrote in message
news:a2aa04c0.0409200818.75bab8b6@posting.google.com...
>I am the network administrator for a company of 50 employees and 10
> contractors. The 10 contractors have emails addresses and exist in our
> domain.
>
> I would like to be able to restrict the contractors from accessing a
> internal webpage. I would easily be able to do this be adding them to
> a group and denying the group. I also want the 50 employees to be able
> to see the webpage. What is the correct Authentication Method to do
> this? I obviously want for the server to contact the DC to see if the
> user is allowed to seee the page and if so allow the user to view the
> page.

IIS 5 Documentation
http://www.microsoft.com/windows2000/en/server/iis/
Microsoft Internet Information Server
Administration
Server Administration
Security
Authentication
Access Control

IIS 6 Documentation
http://www.microsoft.com/technet/pr...hentication.asp

HOW TO: Configure IIS 5.0 Web Site Authentication in Windows 2000
http://support.microsoft.com/?id=310344

HOW TO: Configure User and Group Access on an Intranet in Windows 2000 or
Windows NT 4.0
http://support.microsoft.com/?id=325358

HOW TO: Configure IIS Web Site Authentication in Windows Server 2003
http://support.microsoft.com/defaul...kb;en-us;324274

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsser...ty/centers/iis/
http://mvp.support.microsoft.com/
http://www.iisfaq.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://www.tryiis.com

[ Post a follow-up to this message ]

Thanks alot for everyone's help.

"Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message news:<cin5v0$i6h16@k
cweb01.netnews.att.com>...
> "Zack Schneeberger" <schneebie1@hotmail.com> wrote in message
> news:a2aa04c0.0409200818.75bab8b6@posting.google.com... 
>
> IIS 5 Documentation
> http://www.microsoft.com/windows2000/en/server/iis/
> Microsoft Internet Information Server
>      Administration
>          Server Administration
>              Security
>                  Authentication
>                  Access Control
>
> IIS 6 Documentation
> http://www.microsoft.com/technet/pr...hentication.asp
>
> HOW TO: Configure IIS 5.0 Web Site Authentication in Windows 2000
> http://support.microsoft.com/?id=310344
>
> HOW TO: Configure User and Group Access on an Intranet in Windows 2000 or
> Windows NT 4.0
> http://support.microsoft.com/?id=325358
>
> HOW TO: Configure IIS Web Site Authentication in Windows Server 2003
> http://support.microsoft.com/defaul...kb;en-us;324274

[ Post a follow-up to this message ]

A new twist:

The page is suppose to be available over the internet for employees to
log into at home. With "Integrated Windows Authentication" enabled,
only Administrators are able to see the page over the internet. (After
entering user name and password).

How can I let our employees and only our employees see the webpage
over the internet.

Zack
schneebie1@hotmail.com (Zack Schneeberger) wrote in message news:<a2aa04c0.0409211143.154842
d1@posting.google.com>...[vbcol=seagreen]
> Thanks alot for everyone's help.
>
> "Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message ne
ws:<cin5v0$i6h16@kcweb01.netnews.att.com>... 

[ Post a follow-up to this message ]

"Zack Schneeberger" <schneebie1@hotmail.com> wrote in message
news:a2aa04c0.0409231220.4027b78a@posting.google.com...
>A new twist:
>
> The page is suppose to be available over the internet for employees to
> log into at home. With "Integrated Windows Authentication" enabled,
> only Administrators are able to see the page over the internet. (After
> entering user name and password).
>
> How can I let our employees and only our employees see the webpage
> over the internet.

It basically works the same way - although Windows Intergated authentication
is primarily intended for intranet and not internet use.  What happens when
non-admins try to access (specifically what message if any do they get)?

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsser...ty/centers/iis/
http://mvp.support.microsoft.com/
http://www.iisfaq.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://www.tryiis.com

[ Post a follow-up to this message ]

Anyone?

schneebie1@hotmail.com (Zack Schneeberger) wrote in message news:<a2aa04c0.0409231220.4027b7
8a@posting.google.com>...[vbcol=seagreen]
> A new twist:
>
> The page is suppose to be available over the internet for employees to
> log into at home. With "Integrated Windows Authentication" enabled,
> only Administrators are able to see the page over the internet. (After
> entering user name and password).
>
> How can I let our employees and only our employees see the webpage
> over the internet.
>
> Zack
> schneebie1@hotmail.com (Zack Schneeberger) wrote in message news:<a2aa04c0
.0409211143.154842d1@posting.google.com>... 

[ Post a follow-up to this message ]