I am using basic authentication to grant users access to a secure page
that I am hosting. When they try to log they are unable to. In the
event viewer I get:

Logon Failure:
Reason:	The user has not been granted the requested
logon type at this machine
User Name:	testuser
Domain:		MYDOMAIN
Logon Type:	2
Logon Process:	IIS
Authentication  Package:	MICROSOFT_AUTHENTICATION_PACKAG
E_V1_0
Workstation Name:	SERVER21


However, if I make all 'Authenticated Users' part of the
'Administrator' group local to the machine, they are granted access
and they webpage works. This is very unsecure. How do I fix it?

Zack

[ Post a follow-up to this message ]

Hi Zack,

You will have to edit local policy. Click on Start -> Run -> gpedit.msc and
click OK.

Under Computer Configuration -> Windows Settings -> Security Settings ->
Local Policies -> User Rights Assignment and look for "Access this computer
from the network". Double click on this policy and make sure that e.g.
Authenticated Users group is in this policy. You can also try and add one of
your users in this policy. After this is done close the policy and try to
access website using this account that you added to the policy.

I hope this helps,

Mike

"Zack Schneeberger" <schneebie1@hotmail.com> wrote in message
news:a2aa04c0.0409270743.5f0d3d94@posting.google.com...
> I am using basic authentication to grant users access to a secure page
> that I am hosting. When they try to log they are unable to. In the
> event viewer I get:
>
> Logon Failure:
>   Reason: The user has not been granted the requested
>   logon type at this machine
>   User Name: testuser
>   Domain: MYDOMAIN
>   Logon Type: 2
>   Logon Process: IIS
>   Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
>   Workstation Name: SERVER21
>
>
> However, if I make all 'Authenticated Users' part of the
> 'Administrator' group local to the machine, they are granted access
> and they webpage works. This is very unsecure. How do I fix it?
>
> Zack

[ Post a follow-up to this message ]

The 'Everyone' group is included in the "Access this computer from the
network" so I don't think that that is the problem. Any other ideas?

Zack

"Miha Pihler" <mihap-news@atlantis.si> wrote in message news:<uY9k$0KpEHA.2612@TK2MSFTNGP15.
phx.gbl>...[vbcol=seagreen]
> Hi Zack,
>
> You will have to edit local policy. Click on Start -> Run -> gpedit.msc an
d
> click OK.
>
> Under Computer Configuration -> Windows Settings -> Security Settings ->
> Local Policies -> User Rights Assignment and look for "Access this compute
r
> from the network". Double click on this policy and make sure that e.g.
> Authenticated Users group is in this policy. You can also try and add one 
of
> your users in this policy. After this is done close the policy and try to
> access website using this account that you added to the policy.
>
> I hope this helps,
>
> Mike
>
> "Zack Schneeberger" <schneebie1@hotmail.com> wrote in message
> news:a2aa04c0.0409270743.5f0d3d94@posting.google.com... 

[ Post a follow-up to this message ]

Check that e.g. everyone or accounts used are not in e.g. Deny access to
this computer from the network. Deny will override allow policy.

Mike

"Zack Schneeberger" <schneebie1@hotmail.com> wrote in message
news:a2aa04c0.0409280927.51c477d7@posting.google.com...
> The 'Everyone' group is included in the "Access this computer from the
> network" so I don't think that that is the problem. Any other ideas?
>
> Zack
>
> "Miha Pihler" <mihap-news@atlantis.si> wrote in message
news:<uY9k$0KpEHA.2612@TK2MSFTNGP15.phx.gbl>...[vbcol=seagreen] 
and[vbcol=seagreen] 
computer[vbcol=seagreen] 
one of[vbcol=seagreen] 
to[vbcol=seagreen] 

[ Post a follow-up to this message ]

Mike - I appreciate your help but there are no accounts in the "Deny
access to
this computer from the network." This is really stumping me. Any other
ideas?

What is the difference between 'Log on Locally' and 'Access this
computer from the network?'

Zack
"Miha Pihler" <mihap-news@atlantis.si> wrote in message news:<unAwWSZpEHA.4008@TK2MSFTNGP14.
phx.gbl>...[vbcol=seagreen]
> Check that e.g. everyone or accounts used are not in e.g. Deny access to
> this computer from the network. Deny will override allow policy.
>
> Mike
>
> "Zack Schneeberger" <schneebie1@hotmail.com> wrote in message
> news:a2aa04c0.0409280927.51c477d7@posting.google.com... 
>  news:<uY9k$0KpEHA.2612@TK2MSFTNGP15.phx.gbl>... 
>  and 
>  computer 
>  one of 
>  to 

[ Post a follow-up to this message ]

Logon Locally policy will allow user to log in when behind the computer
while access this computer from the network will only allow users to e.g.
access shares but will not allow users to e.g. logon to the server...

If you use domain authentication try like this. Under username enter:

domain_name\username

where domain_name is NetBIOS name of your domain and
username is user account created in your domain.

Mike

"Zack Schneeberger" <schneebie1@hotmail.com> wrote in message
news:a2aa04c0.0409290926.480d7e90@posting.google.com...
> Mike - I appreciate your help but there are no accounts in the "Deny
> access to
> this computer from the network." This is really stumping me. Any other
> ideas?
>
> What is the difference between 'Log on Locally' and 'Access this
> computer from the network?'
>
> Zack
> "Miha Pihler" <mihap-news@atlantis.si> wrote in message
news:<unAwWSZpEHA.4008@TK2MSFTNGP14.phx.gbl>...[vbcol=seagreen] 
gpedit.msc[vbcol=seagreen] 
Settings ->[vbcol=seagreen] 
e.g.[vbcol=seagreen] 
add[vbcol=seagreen] 
try[vbcol=seagreen] 
page[vbcol=seagreen] 
access[vbcol=seagreen] 

[ Post a follow-up to this message ]

Hello
Logon type 2 is Interactive. This means that the user is missing the Log on
Locally privilege. Users who must authenticate successfully with Basic
authentication require this privilege. Make sure these users (or the groups
they belong to) are not listed under the Deny Log on Locally privilege.

Hope this helps,
Yogita Manghnani
Microsoft Developer Support
Internet Information Server

 ****************************************
 *****************************[vbcol=seag
reen] 
account name for newsgroup participation only.<<

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.

© 2003 Microsoft Corporation. All rights reserved.
 ****************************************
*****************************

[ Post a follow-up to this message ]