Re: IIS denied access to this machine
From: Karl Levinson [x y] mvp (jamescagney90210@excite.com)
Date: 11/02/02
- Next message: Raja S. Lamba: "Re: IIS 6.0 Restricts files with .snp extension"
- Previous message: Karl Levinson [x y] mvp: "Re: Guide to secure installtion of IIS 5"
- In reply to: Kyriakos: "IIS denied access to this machine"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] mvp" <jamescagney90210@excite.com> Date: Sat, 2 Nov 2002 08:44:31 -0500
"Kyriakos" <kyriakos_t@yahoo.com> wrote in message
news:a13501c28266$f7e8cf20$3bef2ecf@TKMSFTNGXA10...
> HI,
>
> I have just installed IIS on Windows XP Pro and when I go
> the the IIS through MMC and try to connect to the local
> machine it says :
>
> You have been denied access to this machine.
>
> Maybe I should note that I upgraded Windows XP from
> Windows 2000 Pro.
Try enabling auditing of failed login events and file access failures on all
files on your computer, then check the Windows security event log to see
which account is being denied access to what.
For more information:
==============
Note that to enable logging of access to files or registry settings, you
must both enable logging in the overall computer policy AND also add
auditing settings on individual folders or registry keys in the NTFS
security properties in Windows Explorer or the REGEDT32 registry editor.
[Using REGEDIT will not work.] To log file access, the files must be on an
NTFS-formatted partition.
Note also that to enable logging of security events on a Windows domain, you
must change the auditing policy on all domain controllers. Changing the
auditing policy on the computers in the domain enables logging of failed
logins to the computers using local accounts and would not necessarily log
attempts to log into the domain.
Consider changing the Windows event log settings to be appropriate for your
environment. Consider increasing the maximum log size to retain more
information. Be careful not to log too much, or you might find that your
logs contain only a few minutes or hours worth of data. Finally, check the
logs to be sure logs are really being captured.
For more information on enabling and configuring auditing, see the articles
below:
http://nsa1.www.conxion.com/win2k/download.htm a.k.a. http://www.nsa.gov
[look for the NSA Security Recommendation Guides for Windows 2000 and
also Group Policy]
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/
13w2kadc.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q310399 - XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q300549 - 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q248260 - 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q301640 - 2000, file
access settings
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q300958 - 2000,
monitoring for unauthorized user access
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q157238 - NT
http://www.labmice.net/troubleshooting/EventLog.htm
[Thanks to Thomas Deml and others]
- Next message: Raja S. Lamba: "Re: IIS 6.0 Restricts files with .snp extension"
- Previous message: Karl Levinson [x y] mvp: "Re: Guide to secure installtion of IIS 5"
- In reply to: Kyriakos: "IIS denied access to this machine"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
