Re: IIS Lockdown - access denied securing PF

From: Matt Vaughan (hifidel@NOSPAMyahoo.com)
Date: 10/25/02 

From: "Matt Vaughan" <hifidel@NOSPAMyahoo.com>
Date: Thu, 24 Oct 2002 17:09:43 -0500

Looking through TechNet, I discovered I simply had incorrect IIS Lockdown
settings.

Thanks for the reply Karl.

"Karl Levinson [x y] MVP" <levinson_k@excite.com> wrote in message
news:u$cxospeCHA.3752@tkmsftngp08...
> Well, I'm just guessing, but perhaps Exchange changed them, or perhaps the
> files are in use by Exchange or by someone and cannot be modified, or
> perhaps the permissions are not as you expect. I might suggest you try
> enabling auditing of file access failure and then check the windows
security
> log to see what is being denied access.
>
> Of course, you may have the same problem changing the NTFS auditing
> property, but that too would be a clue, especially if you use a method
that
> tells you which file cannot be modified and why.
>
> =============
>
> Note that to enable logging of access to files or registry settings, you
> must both enable logging in the overall computer policy AND also add
> auditing settings on individual folders or registry keys in the NTFS
> security properties in Windows Explorer or the REGEDT32 registry editor.
> [Using REGEDIT will not work.] To log file access, the files must be on an
> NTFS-formatted partition.
>
> Note also that to enable logging of security events on a Windows domain,
you
> must change the auditing policy on all domain controllers. Changing the
> auditing policy on the computers in the domain enables logging of failed
> logins to the computers using local accounts and would not necessarily log
> attempts to log into the domain.
>
> Consider changing the Windows event log settings to be appropriate for
your
> environment. Consider increasing the maximum log size to retain more
> information. Be careful not to log too much, or you might find that your
> logs contain only a few minutes or hours worth of data. Finally, check the
> logs to be sure logs are really being captured.
>
> For more information on enabling and configuring auditing, see the
articles
> below:
> http://nsa1.www.conxion.com/win2k/download.htm a.k.a. http://www.nsa.gov
> [look for the NSA Security Recommendation Guides for Windows 2000 and also
> Group Policy]
>
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/
> 13w2kadc.asp
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q310399 - XP
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q300549 - 2000
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q248260 - 2000
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q301640 - 2000,
file
> access settings
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q300958 - 2000,
> monitoring for unauthorized user access
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q157238 - NT
> http://www.labmice.net/troubleshooting/EventLog.htm
>
> [Thanks to Thomas Deml and others]
>
> "Matt Vaughan" <hifidel@NOSPAMyahoo.com> wrote in message
> news:Ov9QihpeCHA.1596@tkmsftngp10...
> > Yes, the my Exchange admin account. How can these permissions have
> changed?
> >
> >
> > "Karl Levinson [x y] MVP" <levinson_k@excite.com> wrote in message
> > news:uNUHxXgeCHA.4228@tkmsftngp08...
> > > I'm guessing IISlockdown is trying to change NTFS permissions on those
> > > directories. Are you logged in with an account that has the
privileges
> to
> > > do so?
> > >
> > > "Matt Vaughan" <hifidel@NOSPAMyahoo.com> wrote in message
> > > news:uyxxT5feCHA.1760@tkmsftngp12...
> > > > I get the following message when running the IIS Lockdown tool on my
> > > backend
> > > > Exchange server:
> > > >
> > > > Warning: Unable to secure content (M:\Domain.com\Public Folders):
> Access
> > > is
> > > > denied.
> > > > Warning: Stopped processing this directory after 3 failures
> > > > (M:\Domain.com\Public Folders\Bulletin Boards
> > > >
> > > > This warning also comes up for each public folder.
> > > >
> > > > Any ideas?
> > > >
> > > >
> > > > -Matt
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: IIS Lockdown - access denied securing PF
    ... Well, I'm just guessing, but perhaps Exchange changed them, or perhaps the ... you may have the same problem changing the NTFS auditing ... security properties in Windows Explorer or the REGEDT32 registry editor. ... must change the auditing policy on all domain controllers. ...
    (microsoft.public.inetserver.iis.security)
  • Re: IIS denied access to this machine
    ... > I have just installed IIS on Windows XP Pro and when I go ... Try enabling auditing of failed login events and file access failures on all ... Note that to enable logging of access to files or registry settings, ... must change the auditing policy on all domain controllers. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Serious search problem
    ... "Robin Bignall" wrote: ... and ran all of the virus and malware checkers again. ... On the IE properties windows you will see these Taps: ... Click Privacy Tab and make sure your Privacy settings at least Medium High, ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: SunJavaScript/Flash/IE6 Not Working right! Help?
    ... I went to that site with my ZAPro settings as is - was able to view the ... I even tried lowering Internet Zone ... Using the Windows Firewall is, for me, not an option. ... The safe Mode test sort of implicates ZA. ...
    (microsoft.public.windows.inetexplorer.ie6.setup)
  • Windows Freezes at Logon after DL Windows updates
    ... the computer had shut me out starting windows ... I clicked my name Maureen Kennedy, and it would start to say it ... -2254 Service Pack 2 That screen shows administrator logon ... Userser name in my documents and settings - called ...
    (microsoft.public.windowsxp.help_and_support)