Re: 401.1 Error w/ Anonymous Access
From: Karl Levinson [x y] mvp (jamescagney90210@excite.com)
Date: 11/01/02
- Next message: Karl Levinson [x y] mvp: "Re: IIS - Sub directory permissions"
- Previous message: Karl Levinson [x y] mvp: "Re: Help!? New Certificate Doesn't Work"
- In reply to: Peter Beck: "401.1 Error w/ Anonymous Access"
- Next in thread: Peter Beck: "Re: 401.1 Error w/ Anonymous Access"
- Reply: Peter Beck: "Re: 401.1 Error w/ Anonymous Access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] mvp" <jamescagney90210@excite.com> Date: Thu, 31 Oct 2002 21:32:42 -0500
"Peter Beck" <pbeck@inscapesolutions.com> wrote in message
news:OLerZbSgCHA.1648@tkmsftngp10...
> Hi -
>
> I'm having a hard time getting Anonymous Access to work, and I'm wondering
> if anyone can point out what I'm doing wrong.
>
> This isn't mission-critical - I'm just working through setting the machine
> up this way to make sure I understand how it is *supposed* to work.
>
> - I'm using IIS5.0
>
> - I've set up a local account on the machine (Win2000 Professional,
machine
> called MIS-1112), and called the account SiteUser.
>
> - I've created a folder in the IIS "Default Web Site" called
"SecurityTest",
> and put a "hello world"-type page page inside the folder, called
> default.htm.
>
> - In the "Directory Security" tab of the "Properties" of the folder in the
> "Default Web Site", I've disabled Integrated Windows Authentication, and
> enabled "Anonymous access". Clicking on "Edit", I've set
MIS-1112\SiteUser
> as the Username. I'm allowing IIS to control the password as this is a
> local account (although it doesn't seem to make adifference if I leave
this
> box un-clicked)
>
> - In "Explorer" I've give SiteUser "Full Control" to the folder
> "SecurityTest" and to the file "default.html"
>
> - In the local machine's Local Security Policy I've allowed SiteUser to
Log
> On Locally
>
> Having done all this, if I type "mis-1112/SecurityTest/default.html" I
get
> a 401.1 error. I am under the impression that if Anonymous Access is
> allowed, IIS will treat the request as if it is coming from the user
> "SiteUser", and treat the request with the permissions "SiteUser" has,
> which should allow the file to be served.
>
> Obviously I'm missing some piece of the puzzle, or some concept - can
> anyone straigten me out about this?
It's a good idea both for troubleshooting and security to enable file and
registry access failure auditing on all files and the HKEY_Local_Machine
registry hive. Then you can see what is going wrong in the Windows security
event log. Search this newsgroup for "auditing" for further instructions.
Also, as you may already know, if these are web scripts [such as .ASP] and
the "application isolation" setting on the folder containing the scripts is
set to Medium or High in the IIS MMC, the IWAM_computername account is being
used instead of the anonymous user account.
I assume you've already read www.iisfaq.com and www.microsoft.com/support,
especially searching for the sections on "minimum NTFS permissions" for IIS
to work.
- Next message: Karl Levinson [x y] mvp: "Re: IIS - Sub directory permissions"
- Previous message: Karl Levinson [x y] mvp: "Re: Help!? New Certificate Doesn't Work"
- In reply to: Peter Beck: "401.1 Error w/ Anonymous Access"
- Next in thread: Peter Beck: "Re: 401.1 Error w/ Anonymous Access"
- Reply: Peter Beck: "Re: 401.1 Error w/ Anonymous Access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
