Re: 401.1 Error w/ Anonymous Access

From: Peter Beck (pbeck@inscapesolutions.com)
Date: 11/01/02


From: "Peter Beck" <pbeck@inscapesolutions.com>
Date: Fri, 1 Nov 2002 17:09:28 -0500


Thanks for your help Karl - I re-built the NTFS permissions, and with a
little more tinkering I was able to get it to work. I'm still not *exactly*
sure what was going wrong - it was a simple html page, so the IWAM account
wasn't being used - but learning a bit about how to use the audit files was
also really useful.

Regards,

Peter.

"Karl Levinson [x y] mvp" <jamescagney90210@excite.com> wrote in message
news:OoAGj5UgCHA.2544@tkmsftngp11...
>
> "Peter Beck" <pbeck@inscapesolutions.com> wrote in message
> news:OLerZbSgCHA.1648@tkmsftngp10...
> > Hi -
> >
> > I'm having a hard time getting Anonymous Access to work, and I'm wondering
> > if anyone can point out what I'm doing wrong.
> >
> > This isn't mission-critical - I'm just working through setting the machine
> > up this way to make sure I understand how it is *supposed* to work.
> >
> > - I'm using IIS5.0
> >
> > - I've set up a local account on the machine (Win2000 Professional, machine
> > called MIS-1112), and called the account SiteUser.
> >
> > - I've created a folder in the IIS "Default Web Site" called "SecurityTest",
> > and put a "hello world"-type page inside the folder, called
> > default.htm.
> >
> > - In the "Directory Security" tab of the "Properties" of the folder in the
> > "Default Web Site", I've disabled Integrated Windows Authentication, and
> > enabled "Anonymous access". Clicking on "Edit", I've set MIS-1112\SiteUser
> > as the Username. I'm allowing IIS to control the password as this is a
> > local account (although it doesn't seem to make a difference if I leave this
> > box un-clicked)
> >
> > - In "Explorer" I've given SiteUser "Full Control" to the folder
> > "SecurityTest" and to the file "default.html"
> >
> > - In the local machine's Local Security Policy I've allowed SiteUser to Log
> > On Locally
> >
> > Having done all this, if I type "mis-1112/SecurityTest/default.html" I get
> > a 401.1 error. I am under the impression that if Anonymous Access is
> > allowed, IIS will treat the request as if it is coming from the user
> > "SiteUser", and treat the request with the permissions "SiteUser" has,
> > which should allow the file to be served.
> >
> > Obviously I'm missing some piece of the puzzle, or some concept - can
> > anyone straighten me out about this?
>
> It's a good idea both for troubleshooting and security to enable file and
> registry access failure auditing on all files and the HKEY_Local_Machine
> registry hive. Then you can see what is going wrong in the Windows security
> event log. Search this newsgroup for "auditing" for further instructions.
>
> Also, as you may already know, if these are web scripts [such as .ASP] and
> the "application isolation" setting on the folder containing the scripts is
> set to Medium or High in the IIS MMC, the IWAM_computername account is being
> used instead of the anonymous user account.
>
> I assume you've already read www.iisfaq.com and www.microsoft.com/support,
> especially searching for the sections on "minimum NTFS permissions" for IIS
> to work.
>
>
>


