Re: Disable NTLM so Kerberos falls back to BAsic

From: Tom Kaminski [MVP] ((A@T))
Date: 04/08/03


From: "Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org>
Date: Tue, 8 Apr 2003 10:42:09 -0400


Ah, the security guys - understood.

Do the users only access the database through the app?
There's no need to hard code anything, it's all in permissions on the
content.

"John White" <john.white@telenor.co.uk> wrote in message
news:#S4DCkd$CHA.2052@TK2MSFTNGP11.phx.gbl...
> Hi Tom,
> Because our security guys want us to be able to explicitly restrict
data
> objects per user group rather than giving access to all due to the nature
of
> some of the data, they also don't like the thought of hard coded accounts
in
> code.
>
> Thanks
>
> John
> "Tom Kaminski [MVP]" <tomk (A@T) mvps (D.O.T) org> wrote in message
> news:b6uice$jjq4@kcweb01.netnews.att.com...
> > "John White" <john.white@telenor.co.uk> wrote in message
> > news:ubGhSWd$CHA.1600@TK2MSFTNGP10.phx.gbl...
> > > Hi,
> > > I have numerous ASP.NET applications which requires the users to
use
> > > their NT accounts to access them. These applications delegate to back
> end
> > > sql servers (2000) on other domain machines. The trouble is our client
> > base
> > > is a mix of Win98/NT and Windows 2000. Is there a way any pre win 2000
> > > machines are forced to use Basic if they don't support Kerberos like
> > win2k+,
> > > rather than falling back to NTLM which wont delegate??
> > >
> > > Currently we have to force all basic but management wants this stopped
> > where
> > > possible so users are automatically "logged" in to the sites.
> >
> > I don't know the answer, but just curious - why bother to authenticate
> each
> > user to SQL Server? Setup and manage all your permissions on the
ASP.NET
> > side. Just give access to info and functionality of the application to
> the
> > accounts it's appropriate for and use one dummy service account for all
> the
> > SQL connections.
> >
> > --
> > Tom Kaminski IIS MVP
> > http://www.iistoolshed.com/ - tools, scripts, and utilities for running
> IIS
> > http://mvp.support.microsoft.com/
> > http://www.microsoft.com/windowsserver2003/community/centers/iis/
> >
> >
> >
>
>



Relevant Pages

  • Re: Administrator/User security issues
    ... i have setup all the accounts, ... folders for testing the security. ... permissions but the admin. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Delegation - Password Reset - Access Denied
    ... If you go to properties of an AD object, select the security tab and click ... on advanced you should be on the permissions tab. ... WARNING - Any implicit permissions defined will be lost and reset back to ... Accounts in the OU and found that the BldgAdmins group was not listed. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Search for accounts based on advanced security permissions
    ... to query the security attributes and to change permissions and security ... Search for accounts based on advanced security permissions ... don't think there is any easy way to query for all users. ...
    (microsoft.public.windows.server.active_directory)
  • RE: Security setup does not allow import of tables
    ... When you click on the menu option Tools> Security> User and Group ... Permissions at the bottom of the screen does it show you logged in as the ... | new system database that has a unique Name, Organization, ... In the User and Group Accounts dialog box, ...
    (microsoft.public.access.security)
  • RE: Search for accounts based on advanced security permissions
    ... to query the security attributes and to change permissions and security ... Microsoft Global Technical Support Center ... Search for accounts based on advanced security permissions ...
    (microsoft.public.windows.server.active_directory)