Re: Log on Locally user right for IIS Lockdown servers

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 12/30/04

Next message: WenJun Zhang[msft]: "RE: NNTP management disapeared"
Previous message: Eric Renken: "Re: SSL Cert Request Access Denied"
In reply to: -: "Log on Locally user right for IIS Lockdown servers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 29 Dec 2004 20:41:44 -0800

Basic Auth requires that the authenticating user have "login locally"
privilege on the server.

The reason that your changes to IUSR/VUSR/Web Anonymous group have no effect
is because those users are NOT used for basic auth (they are accounts used
for Anonymous auth)

The actual user accounts authenticating under Basic auth needs to have
"login locally" privilege.

-- 
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
<-> wrote in message news:OLg0S3e7EHA.3236@TK2MSFTNGP15.phx.gbl...
Hello,
We have a server that has IIS lockdown and basic authentication for a
website and when the server team applied a policy that restricted logon only
to administrators, no one was able to log into the application.  The
application users are not actually logging in locally, so I am thinking that
there is something in the IIS definition that requires that they have this
privilege.  In addition, we took the IUSR and VUSR accounts and also Web
anonymous (all "Web" groups local to the machines) and added them, and still
no luck.  We added the Everyone group, and this resolved the problem.  Is
there any way to preserve non Single Sign-on authentication and not have to
have the Everyone group with the log on locally user right?
Thanks.

Next message: WenJun Zhang[msft]: "RE: NNTP management disapeared"
Previous message: Eric Renken: "Re: SSL Cert Request Access Denied"
In reply to: -: "Log on Locally user right for IIS Lockdown servers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Log on Locally user right for IIS Lockdown servers
... Basic Auth requires that the authenticating user have "login locally" ... privilege on the server. ... The actual user accounts authenticating under Basic auth needs to have ... "login locally" privilege. ...
(microsoft.public.inetserver.iis)
Re: POP3 DNS problem?
... Make sure you are authenticating using the logon email address that is under ... The Exchange server had been spitting out ... >> the LogOn account of the Exchange POP3 service, ... It would seem that the connection is getting through to the ...
(microsoft.public.exchange.admin)
AD domain authentication through VPN
... Remote WinXP SP2 Laptop ... Cisco VPN Server ... for authenticating my machines through the VPN against my domain DC's. ... I configured the VPN client connection ...
(microsoft.public.windowsxp.network_web)
Re: Trust between two Forests Fail
... We are a Forward Look Up Zone in their Windows DNS and They are ... Never set two DNS Server sets to forward ... Either the other uses isn't an Admin or isn't properly authenticating ... Active Directory Users and Computers" "Connect to ...
(microsoft.public.windows.server.active_directory)
Strange Outlook 2007 SMTP Authentication Problem (Vista SP2 Issue?
... Linux server indicated the problem. ... connection instead of authenticating. ... Next I check the account settings in Outlook. ... The test message from the "Test Account Settings" button works fine. ...
(microsoft.public.outlook.general)