Log on Locally user right for IIS Lockdown servers
Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

Web Server Talk Web Server Talk > Web Servers reviews > IIS server support > IIS Server Security > Log on Locally user right for IIS Lockdown servers




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    Log on Locally user right for IIS Lockdown servers  


Report This Message To A Moderator Edit/Delete Message


 
12-29-04 10:56 PM

Hello,

We have a server that has IIS lockdown and basic authentication for a
website and when the server team applied a policy that restricted logon only
to administrators, no one was able to log into the application.  The
application users are not actually logging in locally, so I am thinking that
there is something in the IIS definition that requires that they have this
privilege.  In addition, we took the IUSR and VUSR accounts and also Web
anonymous (all "Web" groups local to the machines) and added them, and still
no luck.  We added the Everyone group, and this resolved the problem.  Is
there any way to preserve non Single Sign-on authentication and not have to
have the Everyone group with the log on locally user right?

Thanks.




[ Post a follow-up to this message ]



    Re: Log on Locally user right for IIS Lockdown servers  
David Wang [Msft]


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
12-30-04 07:47 AM

Basic Auth requires that the authenticating user have "login locally"
privilege on the server.

The reason that your changes to IUSR/VUSR/Web Anonymous group have no effect
is because those users are NOT used for basic auth (they are accounts used
for Anonymous auth)

The actual user accounts authenticating under Basic auth needs to have
"login locally" privilege.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
<-> wrote in message news:OLg0S3e7EHA.3236@TK2MSFTNGP15.phx.gbl...
Hello,

We have a server that has IIS lockdown and basic authentication for a
website and when the server team applied a policy that restricted logon only
to administrators, no one was able to log into the application.  The
application users are not actually logging in locally, so I am thinking that
there is something in the IIS definition that requires that they have this
privilege.  In addition, we took the IUSR and VUSR accounts and also Web
anonymous (all "Web" groups local to the machines) and added them, and still
no luck.  We added the Everyone group, and this resolved the problem.  Is
there any way to preserve non Single Sign-on authentication and not have to
have the Everyone group with the log on locally user right?

Thanks.




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 07:59 AM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 
Medical and Health forum | Computer Games Reviews | Graphics design forum

Back To The Top
Home | Usercp | Faq | Register