Re: Use NT security for Web Application, don't use Internet User Guest Account

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 05/29/03 

Date: Wed, 28 May 2003 16:28:40 -0700

"Colin Colin" <ccole@ghs.guthrie.org> wrote in message
news:uV0nwZVJDHA.276@tk2msftngp13.phx.gbl...
>
>
> I am sure this has been asked before and I have searched but I haven't
> found the answer, perhaps I am not searching right or in the right
> place.
>
> I want users only with the appropriate security to run a specific web
> application. Basically I do not want the Internet User Guest account to
> be able to run the application. But, I would also like it if the user
> were already logged into the network, they won't be prompted for their
> user id and password.
>
> Now the details.
> I have a web app server, NT26. I installed a web application for FRx on
> this machine. In IIS I setup a new website for this called FrxWeb on
> port 10. It works fine. The folders that the webapp runs off from are
> e:\frxwebport so this is the default folder for my frxweb site. The asp
> files are in this folder. The data that the asp files reads are in
> another subfolder e:\frxwebport\data\.
>
> Currently Allow Anonymous Access is checked in the Directory Security
> for the FrxWeb website.
> The Internet User Guest Account (NT6\IUSR_DELLPOWERAPP) has rights to
> the e:\frxwebport, and the Everyone group has rights to this folder.
>
> So everything is fine. I can goto: http://NT26:10 and the web page runs
> fine. So now I want to make it restrictive to a certain group.
>
> We have a group of people that we want to be able to run this. The
> group is g2000\freports. I created a local group on nt26 called:
> nt26\freports I then made g2000\freports a member of nt26\freports.
>
> I then gave nt26\freports security to the e:\frxwebport directory.
>
>
> What should I do or where should I look?
>
> This is a Windows 2000 machine. I think it's IIS 5.
>
> Thank you
> -Colin
>

Where should you look for what ?
Make the website not allow anonymous and make sure
it does allow NT style logins. Change the permissions on
the content so that IUSR_ and Everyone do not have any
premissions but that your custom group of allowed users
do (make sure they also have logon rights on the machine).
Depending on the isolation level you use you may also
need to adjust permissions on your application components.

Relevant Pages

  • Use NT security for Web Application, dont use Internet User Guest Account
    ... In IIS I setup a new website for this called FrxWeb on ... files are in this folder. ... Currently Allow Anonymous Access is checked in the Directory Security ... The Internet User Guest Account has rights to ...
    (microsoft.public.inetserver.iis.security)
  • Re: SBS 2003 folder redirection, offline files, ..and more
    ... you log into a shared PC with admin rights and go to Windows Explorer Folder ... documents are redirected to the server. ... without redirection, they wouldn't have been. ...
    (microsoft.public.windows.server.sbs)
  • RE: Permission Question
    ... The moved file inherits the permission from the parent folder. ... This posting is provided "AS IS" with no warranties,and confers no rights. ... Carlos folder - Full rights to Carlos plus inherit ... Template CK - inherit rights from CPF plus CK has full rights ...
    (microsoft.public.win2000.general)
  • Re: Permission Question
    ... there a way for a person who has rights from one folder ... such as Template, can that person copy into a another folder where they have ... Carlos folder - Full rights to Carlos plus inherit ...
    (microsoft.public.win2000.general)
  • Re: User access to view open files in computer management
    ... Sorry, but I don't know, how can I give user rights to shared folders, open ... etc entry in computer management? ... You'll have to run the batch file as a scheduled task (on the server), ... you have a folder off the root on the server called DATA. ...
    (microsoft.public.windows.server.general)