Re: Standalone Versus AD Joined Instalation

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 08/17/04

Next message: Ken Schaefer: "Re: Frontpage and IIS security"

Previous message: Karl Levinson [x y] mvp: "Re: IIS 6.0 W3SVC1 Logfile"
In reply to: Randy Faulkner: "Re: Standalone Versus AD Joined Instalation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 17 Aug 2004 10:47:44 +1000

IIS is impersonating an account to get access to the ASP files, and
somewhere along the line the account being impersonate is being denied
access to something, hence the ACL error.

Suggest you run Filemon, and see what's being denied access to what. If
Filemon doesn't turn up anything, run Regmon as you may have an issue on a
reg key instead.

That's the first place I would look.

Thanks.

Cheers
Ken

"Randy Faulkner" <anonymous@discussions.microsoft.com> wrote in message
news:697301c4839a$73fc66e0$a301280a@phx.gbl...
> Ken:
>
> Member server.
>
> 401.3 when **only** anonymous is checked.
>
> I used FileMon my first IIS install (and saw nothing
> unusual), but haven't since reinstalled.
>
> Nothing in the event logs.
>
> Double checked policies and group permissions as
> suggested by somebody who had similar issues.
>
> Currently HTML is working under anonymous. Just seems to
> be ASP pages (and ASP is enabled).
>
> Thanks.
>
>>-----Original Message-----
>>Hi,
>>
>>a) Is your machine a domain controller (DC)? Or just a
> member server in a
>>domain?
>>
>>b) When you are getting the 401.3 errors - what
> authentication methods do
>>you have checked in the IIS MMC Snapin?
>>
>>c) If you use Filemon from www.sysinternals.com, do you
> see any access
>>denied errors for a particular account?
>>
>>d) Anything in the Windows Event logs?
>>
>>Thanks
>>
>>Cheers
>>Ken
>>
>>"Randy Faulkner" <anonymous@discussions.microsoft.com>
> wrote in message
>>news:643c01c4830c$fceeef60$a301280a@phx.gbl...
>>> Would this difference in installation effect access
>>> permissions for ASP pages under IIS 6/Win3K? My
> server is
>>> joined to AD and I cannot get ASP pages to run under
>>> anonymous -- getting 401.3 ACL pemissions errors.
> Adding
>>> some other form of authentication for ASP pages
>>> (integrated or basic) with a logon prompt works.
>>
>>
>>.
>>

Next message: Ken Schaefer: "Re: Frontpage and IIS security"

Previous message: Karl Levinson [x y] mvp: "Re: IIS 6.0 W3SVC1 Logfile"
In reply to: Randy Faulkner: "Re: Standalone Versus AD Joined Instalation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: ASP Authentication on IIS 6.0 Windows 2003 Server 32bit help please
... when an ASP page is executed in IIS? ... site that requires a user to enter their domain account to access the ... the ASP script code ... I find that the .exe runs ...
(microsoft.public.inetserver.iis.security)
Re: ASP Authentication on IIS 6.0 Windows 2003 Server 32bit help please
... when an ASP page is executed in IIS? ... site that requires a user to enter their domain account to access the ... the ASP script code ... I find that the .exe runs ...
(microsoft.public.inetserver.iis.security)
Re: ASP Authentication on IIS 6.0 Windows 2003 Server 32bit help please
... when an ASP page is executed in IIS? ... site that requires a user to enter their domain account to access the ... the ASP script code ... you should use Network Service instead of Local System ...
(microsoft.public.inetserver.iis.security)
Re: [Full-disclosure] MS06-034 lies? IIS 6 can still be owned?
... been long time without any IIS exploit and our ... that there was a way to elevate privileges. ... if you can upload an asp page then it's pretty simple ... IWAM_account. ...
(Full-Disclosure)
Re: Network permissions for w3wp.exe?
... I don't know what account that is, ... it a UNC path and IIS doesn't reference anything ... > What settings do you have in the process model in the machine.config? ... > that filemon shows you permission to the share location? ...
(microsoft.public.dotnet.framework.aspnet.security)