Re: IIS/Windows Permissions/Rights

From: Tom Kaminski [MVP] ((A_at_T))
Date: 06/24/05 

Date: Fri, 24 Jun 2005 08:56:38 -0400

"Paul J. Landry" <PaulJLandry@discussions.microsoft.com> wrote in message
news:49095294-6DE0-46E4-9001-365587F1F742@microsoft.com...
> HI Guys.
> I hope you can help me out!
>
> I've poseted a similar question on "inetserver.asp.general" a couple of
> days
> ago, but I think I'm gonna have better luck here since it's more of a
> security issue, than a programming issue...
>
> Here's the scenario: 2 Windows 2000 servers and one workstation. (Let's
> call them WebServer, FileServer and XPClient). All 3 computers are on the
> same domain. Both Servers are DC's. (I've also tried with 1 DC and 1
> Member
> server)
>
> I've written some asp pages for my Intranet that allows me to see basic
> information aount user accounts. Included in that information is disk
> quota
> data such as QuotaLimit, QuotaUsed, etc.
>
> The web server (IIS5) is configured for "Integrated Windows
> Authentication"
> which appears to be working perfectly. In every instance, I connect using
> an
> Admin account. NTFS permissions on the web site make sure of that.
>
> If IE on WebServer connects to WebServer, IIS properly connects to
> \\FileServer\c$ and retrieves the quota information correctly.
>
> If IE running on either XPClient or FileServer connects to WebServer, IIS
> fails to retrieve the Quota Information for \\FileServer\c$. IIS returns
> an
> "Access Denied" error to the "QuotaObject.Initialize \\FileServer\c$\,
> true"
> statement
>
> I attempted to make IWAM_WebServer a member of the Administrators and
> Domain
> Admins global groups. No success
>
> Since the page loads perfectly when I connect from the web server, this
> indicates that the problem is not that the IIS server can't talk properly
> to
> the file server. Rather it seems to indicate that the user account IIS
> uses
> to retrieve the data is different if I'm using the server itself instead
> of a
> client.
>
> Any thoughts?

Could be a double-hop delegation issue. What happens if you use Basic
authentication instead on Windows Integrated? 

-- 
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsserver2003/community/centers/iis/
http://mvp.support.microsoft.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS

Relevant Pages

  • IIS/Windows Permissions/Rights
    ... The web server is configured for "Integrated Windows Authentication" ... If IE on WebServer connects to WebServer, ... If IE running on either XPClient or FileServer connects to WebServer, IIS ...
    (microsoft.public.inetserver.iis.security)
  • Re: Page Cannot Be Displayed Errors
    ... I have remote access to the server through Remote Desktop, ... Where can I get the IIS 6.0 Resource Kit, and how do I use WFetch? ... following through with the request, ... > It sounds like you are quite close to the webserver. ...
    (microsoft.public.inetserver.iis)
  • Re: Page Cannot Be Displayed Errors
    ... It sounds like you are quite close to the webserver. ... need to connect directly to IIS) ... If you see requests in the network monitor ... There is a network monitor included in Windows Server 2003 (not sure about ...
    (microsoft.public.inetserver.iis)
  • Re: Custom Web Server
    ... server. ... setting up IIS isn't hard from an installer, ... > just monitors a database and sends out emails based on certain critera in ... >> webserver on the local computer, therefore you need something as IIS on ...
    (microsoft.public.dotnet.languages.vb)
  • Re: Help - Port 80 being targeted
    ... I have now moved this operation over to an ftp server which will relieve ... short of upgrading to w2k server or using another webserver ... >> What you're seeing could possibly be a nimda or code red worm scanning ... >> IIS, especially the parts about deleting unnecessary files. ...
    (comp.security.firewalls)