Re: NTFS Permissions

From: IT Community (it-community@microsoft.com)
Date: 06/02/02


From: it-community@microsoft.com (IT Community)
Date: Sun, 02 Jun 2002 13:36:52 GMT


1.
| If I go back to the Virtual Directory Security and use Basic Authentication
| (specifying the domain after typing EDIT) instead of Windows Integrated
| Authentication, then I only get a two line prompt, logically, and the
| EXECUTIVE can log in with just their username and password.
|
| What the hell is going on with this Windows Integrated authentication?

Integrated Windows, i.e. NTLM or NT Challenge/Response, has a limitation
when authenticated through a proxy or firewall. Please review
Q198116 Authentication Options and Limitations Using Proxy Server 2.0
<http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q198116>

2.
| But if you're logged into a workstation machine as a LOCAL
| USER, and the 3-line security login-pops up...you can log in.
 
This is because the "log on locally" right is needed. Please review
Q187506 List of NTFS Permissions Required for IIS Site to Work
<http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q187506>

3.
| I experimented with the Anonymous User I'm using (which is a domain
| Anonymous user), making it a member of the EXEC group, etc. That doesn't
| work.

Notice a domain or a local account is used for anonymous access. Please
review:
Q183722 Password Synchronization and Local User Accounts Information
<http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q183722>

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2002 Microsoft Corporation. All rights
reserved.

Cumulative Patch for Internet Information Services (Q319733) released
04/10/2002
http://www.microsoft.com/technet/security/bulletin/ms02-018.asp

--------------------
| From: "Brian Boynton" <bboynton3@hotmail.com>
| References: <uspxl9yBCHA.1360@tkmsftngp05>
| Subject: Re: NTFS Permissions
| Date: Thu, 30 May 2002 13:02:20 -0400
| Message-ID: <OweZqu$BCHA.2656@tkmsftngp05>
| Newsgroups: microsoft.public.inetserver.iis.security
|
| Hello,
| I have a basic question about permissions for an Intranet page I'm setting
| up.
|
| The intranet page we're setting up will have links to various department
| pages. For the sake of an example, let's say I want to restrict access to
| the EXEC page to the EXEC group. The easiest way to go about this would be
| to use the NTFS Security Tab on the Folder itself. The EXEC group now has
| Read/Write permissions to that folder within Inetpub
| (c:\inetpub\intranet_site\Exec).
|
| All of this time I've enabled the anonymous user login usage for the
| Intranet Virtual Directory. However, if I use Windows Integrated
| Authentication, I get a three-line login prompt, when trying to gain access,
| which no EXECUTIVE, after using their login, password, and domain
| specification as instructed, can get past. (the dialog prompt just repeats
| three times and I get the unauthorized page message)
|
| If I apply DOMAIN USERS to the NTFS permissions for the EXEC folder, THEN
| EVERYONE can get in. So at least I can get access to the page, but now
| EVERYONE has access.
|
| If I go back to the Virtual Directory Security and use Basic Authentication
| (specifying the domain after typing EDIT) instead of Windows Integrated
| Authentication, then I only get a two line prompt, logically, and the
| EXECUTIVE can log in with just their username and password.
|
| What the hell is going on with this Windows Integrated authentication?
|
| Other things I've noticed with Windows Integrated authentication...is if
| you're logged into the domain ALREADY, and a 3-line dialog box pops up, it
| never works. But if you're logged into a workstation machine as a LOCAL
| USER, and the 3-line security login-pops up...you can log in.
|
| I experimented with the Anonymous User I'm using (which is a domain
| Anonymous user), making it a member of the EXEC group, etc. That doesn't
| work.
|
| Any feedback would be greatly appreciated.
|
| At this point I'm happy with the Basic Authentication, but I'd prefer a
| functioning transparent login for users. (plus something that's a little
| more secure, even though this is an intranet page)
| Thanks,
|
| Brian
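
As an added illustration of the proxy limitation raised in point 1 (not part of the original posting or of the KB articles it cites), the Python sketch below reviews the headers of one captured 401 response: it lists the schemes offered, decodes which NTLM message a token carries, and flags a proxy in the path. It assumes background knowledge not stated in the thread, namely that NTLM over HTTP authenticates the TCP connection, so a challenge sent with `Connection: close` cannot be answered; the sample headers and the name `proxy.example` are constructed.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}


def ntlm_message_type(token_b64):
    """Name of the NTLM message in a base64 token, or None if it is not NTLM."""
    try:
        raw = base64.b64decode(token_b64, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return None
    if len(raw) < 12 or not raw.startswith(NTLM_SIG):
        return None
    (mtype,) = struct.unpack_from("<I", raw, 8)  # little-endian type field
    return NTLM_TYPES.get(mtype)


def review_401(headers):
    """Summarise one 401 response given as a list of (name, value) pairs."""
    schemes, stage, via, closing = [], None, False, False
    for name, value in headers:
        key = name.lower()
        if key == "www-authenticate":
            scheme, _, token = value.strip().partition(" ")
            schemes.append(scheme.upper())
            if scheme.upper() == "NTLM" and token:
                stage = ntlm_message_type(token.strip())
        elif key == "via":  # added by intermediaries that relay the response
            via = True
        elif key == "connection" and value.strip().lower() == "close":
            closing = True
    integrated = any(s in ("NTLM", "NEGOTIATE") for s in schemes)
    findings = []
    if integrated and via:
        findings.append("integrated auth offered through a proxy (see Q198116)")
    if stage == "CHALLENGE" and closing:
        findings.append("connection closed mid-handshake; NTLM cannot finish")
    return {"schemes": schemes, "ntlm_stage": stage, "findings": findings}


# Constructed sample: a 401 carrying an NTLM challenge, relayed by a proxy.
CHALLENGE_TOKEN = base64.b64encode(
    NTLM_SIG + struct.pack("<I", 2) + b"\x00" * 20).decode()
SAMPLE_401 = [
    ("WWW-Authenticate", "NTLM " + CHALLENGE_TOKEN),
    ("Via", "1.1 proxy.example"),
    ("Connection", "close"),
]

if __name__ == "__main__":
    print(review_401(SAMPLE_401))
```
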


