Re: 401.3 Unauthorized: Unauthorized due to ACL on resource

From: Cas Irvin [MS] (cirvinonline@microsoft.com)
Date: 07/31/02 

From: cirvinonline@microsoft.com (Cas Irvin [MS])
Date: Wed, 31 Jul 2002 16:09:57 GMT

Generally, a 401.3 error indicates a permissions issue.

To elaborate on the suggestions offered.

What Authentication method are you using?
In the properties of the website, check your security tab and find out what
authentication method you are using. Anonymous? Basic? Integrated? This
will effect what ACL's need to be set for your content.

Check the ACL's on the content - Check to see what permissions have been
set on the content you are trying to access. If you are using Anonymous,
then you need to make sure that your IUSR_<servername> account has at least
READ permissions to that content. If you are using Basic or Integrated then
you need to make sure that the user accounts that are accessing the content
have at least READ permissions.

I am curious as to why Netscape would work where IE does not. The last
suggestion was to check IE > Options > Security. Here I think you're
wanting to check to see what security level you are set for. If you choose
Custom and scroll to the very bottom, you will see a setting for User
Authentication. By default, this is set to "Automatic login only in
Intranet zone". Make sure that this is not set to anything else.

Hope that helps!

Cas Irvin
IIS Newsgroup Support

Please do not send email directly to this alias. This is our online account
name for newsgroup participation only.

This posting is provided “AS IS” with no warranties, and confers no rights.
You assume all risk for your use. © 2001 Microsoft Corporation. All rights
reserved.

Please remember to subscribe to our security bulletins at
<http://www.microsoft.com/technet/security/notify.asp>

Relevant Pages

  • Re: securing files in a public PC
    ... XP provides the best default NTFS and registry permissions ... With XP one can look at using Software Restriction Policy ... applications so that the public use account has not been granted ... Microsoft MVP (Windows Security) ...
    (microsoft.public.win2000.security)
  • Re: Why does Everyone have Full Control of everthing?
    ... Analysis snap-in to apply the Setup Security template to my machine, ... Perhaps I should have only applied the file permissions ... using the personal account created at setup. ... >list of default NTFS permissions for Windows 2000. ...
    (microsoft.public.windowsxp.general)
  • Re: unrestricted access to a file share
    ... Windows 2003 with increased default security as several users that have ... accessing a share when guest is enabled and everyone has permissions though ... account out to those at the location. ... fileshare that have never been defined on the server (neither the user ...
    (microsoft.public.security)
  • Re: Domain groups show up as a SID
    ... I believe that is the way security ... If you logon as a member of a Domain Admins group, but the Local Admins group is ... So if the Domain Admin group has an account named Administrator and the Local ... SID's for all Permissions viewed and granted to any Domain Account. ...
    (microsoft.public.win2000.security)
  • Re: Allow update of properties without allowing password changes, etc
    ... the people who are in that group very likely have enough permissions now to escalate themselves to domain or enterprise admins. ... First I added the "assistant" to the "Account Operators" group. ... Drilling into the Advanced security properties and clicking "Add", after adding the account in question, change the "Apply Onto" dropdown to "User Objects" and add the "Deny" permission for: ... Change Password ...
    (microsoft.public.windows.server.security)