IIS 6.0 Security - NTFS, Terminal & Windows Integrated

From: Amihai Bareket (amihai73_at_hotmail.com)
Date: 10/25/04

Next message: A_at_T: "RE: IIS 6.0 Security - NTFS, Terminal & Windows Integrated"
Previous message: Greg Harris: "Re: Installed Symantec/Norton Internet Security 2005 and can no longer run IIS"
Next in thread: A_at_T: "RE: IIS 6.0 Security - NTFS, Terminal & Windows Integrated"
Reply: A_at_T: "RE: IIS 6.0 Security - NTFS, Terminal & Windows Integrated"
Reply: Tom Kaminski [MVP]: "Re: IIS 6.0 Security - NTFS, Terminal & Windows Integrated"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 25 Oct 2004 20:25:30 +0200

I'm having a problem when trying to configure security for web sites on IIS
6.0, which will be accessed from Internet Explorer through Windows Server
2003 Terminal Services.
This is what I've done -

Created a security groups on Active Directory (Win2k3 - Domain local)
Created a Directory and set NTFS permissions (full control) on the new
directory for the new group only.
Set up virtual directory on IIS pointing to the new directory.
Configured directory security on the virtual directory for Integrated
Windows Authentication.
I've logged on to Terminal Server using an account which is a member in the
new security group, and tried to access the new virtual directory on the web
server.

I keep getting prompted for a user name and password!

I've trying accessing the same site directly from a computer joined to that
domain, logged on with the same user account, and it worked fine - I was
able to access the site and wasn't prompt for a password.

What am I doing wrong?

Next message: A_at_T: "RE: IIS 6.0 Security - NTFS, Terminal & Windows Integrated"
Previous message: Greg Harris: "Re: Installed Symantec/Norton Internet Security 2005 and can no longer run IIS"
Next in thread: A_at_T: "RE: IIS 6.0 Security - NTFS, Terminal & Windows Integrated"
Reply: A_at_T: "RE: IIS 6.0 Security - NTFS, Terminal & Windows Integrated"
Reply: Tom Kaminski [MVP]: "Re: IIS 6.0 Security - NTFS, Terminal & Windows Integrated"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: how can I make money off my ultimate security solution for servers
... You can go to a company that specializes in security or Windows ... Joe Richards Microsoft MVP Windows Server Directory Services ... This is not just my opinion, I have shared this design with my friends ...
(microsoft.public.windows.server.security)
RE: NT/IIS decoy
... Does anyone know how to hide or mask the identity of a IIS 4.0 or 5.0 server ... Principal Security Consultant ... Best Individual Income Protection Provider 2001 - Health Insurance Magazine ...
(Pen-Test)
RE: Event ID 538 540 and 576
... Security Update for Windows Server 2003 KB935840 ... Microsoft CSS Online Newsgroup Support ...
(microsoft.public.windows.server.sbs)
[NT] Vulnerabilities in DNS Allows Spoofing (MS08-037)
... Get your security news from a reliable source. ... the Windows Domain Name System (DNS) that could allow spoofing. ... Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows ...
(Securiteam)
Re: IIS6 on W2k3 DCs
... How many times in big server land do I see folks that don't have backups ... >But Small Business Server 2003 runs with IIS on our domain controller. ... >Where's MY security risks these days? ... >>By referring to numerous security guides written specifically for NT4 ...
(Focus-Microsoft)