Re: Need to restrict access to an EXE in IIS6

David,

I moved the file to a new folder called "help" and I got it to work if I set
authentication to Basic within IIS Manager for the Directory properties, but
it fails if I have it set to Integrated Windows Authentication.

That is a good start, I guess!

Gregg Hill



"David Wang [Msft]" <someone@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:Otxr1CNJGHA.344@xxxxxxxxxxxxxxxxxxxxxxx
http://blogs.msdn.com/david.wang/archive/2005/12/31/HOWTO_Basics_of_IIS6_Troubleshooting.aspx

Please provide the IIS web logfile entries which correspond to your failed
attempts. In particular, the HTTP status code, substatus code, and win32
error code.

You don't need to get frustrated, try random username combinations, nor
waste time guessing at problems that may not exist. It's a server, so you
just need to read log files to determine what is wrong and then directly
fix it.

Your scenario pretty much works by default by using default configuration,
set NTFS ACLs on the resources to lockdown to only allow access to the
necessary users, and then configure IIS to require Authentication of some
sort. The rest of the password prompt, etc will automatically happen when
necessary.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no
rights.
//

"Gregg Hill" <bogus@xxxxxxxxxxx> wrote in message
news:%23TspXw%23IGHA.1088@xxxxxxxxxxxxxxxxxxxxxxx
David,

Thank you for your response.

I went into Windows Explorer and set the NTFS permissions on the
support.exe file (under wwwroot) with Administrators and System set to
Full Control, and the particular client user name to Read.

I then looked at the Default Web Site using IIS Manager, and set Execute
Permissions to None (it was on Scripts only). I disabled anonymous access
on the support.exe file using IIS Manager.

My original problem was trying to get it to prompt for name and password.
I succeeded in getting that far before, then applied your suggestions as
well. The behavior I got before and still get now is that I get the
prompt, but no matter how I enter the user name and password, it keeps
going back to the prompt.

The server is not a domain controller, but is a stand-alone server. I
tried all of these combinations:
username and password
domain\username and password
computername\username and password
workgroupname\username and password

Nothing works. I keep getting bounced back to the prompt. I have tried
this from three different computers at three different sites to eliminate
caching as a problem.

Gregg Hill





"David Wang [Msft]" <someone@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:uDbIMB8IGHA.2912@xxxxxxxxxxxxxxxxxxxxxxx
This is standard procedure.

Enable authentication protocol and disable anonymous access for
support.exe

Make sure "Scripts and Executables" is not enabled because you want
support.exe to be downloaded, not executed. Better yet, set Execute
Permissions to "None" so that it can only be downloaded.

Set NTFS permission on support.exe to only allow Read access to the
authenticated user that your Clients will authenticate with.


I suspect that /support.exe was already cached prior to you changing
NTFS permissions so it remained downloadable for a short period of time
until the cache clears.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no
rights.
//

"Gregg Hill" <bogus@xxxxxxxxxxx> wrote in message
news:eVLSmu7IGHA.528@xxxxxxxxxxxxxxxxxxxxxxx
Hello!

I have my web site running on Windows Server 2003 Standard with IIS
6.0. I have an executable file, support.exe, that I want to have
accessible to my clients, but not to anyone else.

I would like it to be available via
http://www.mydomainname.com/support.exe so it is easy to download, but
I cannot get it to be restricted. Even if I set the NTFS permissions on
the file (in the wwwroot folder) to Deny for Everyone, it will still
download when I go to the web site.

How can I make it so that only a certain user name can download or run
that file?

All Googled out and brain dead!

Gregg Hill









.

Relevant Pages

  • IIS ASKING FOR LOGIN/PASSWORD (AUTHENTICATION)
    ... Have you enabled anonymous access on the security tab in ... the IIS Manager? ... read NTFS permissions to the directory where you are ... >authentication when i put the following javascript code ...
    (microsoft.public.inetserver.iis)
  • Re: Need to restrict access to an EXE in IIS6
    ... I get the password prompt, ... Authentication Package: NTLM ... NTFS permissions so it remained downloadable for a short period of time ... download when I go to the web site. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Error message when click save target as .....
    ... I'm trying to download my bank statement from Citibank. ... version has no problem but after installing XP SP2, ... > Internet Explorer was not able to open this Internet Site. ... > connection and client authentication. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Debugging fails on Vista for Localhost
    ... I need to use debugging on the LocalHost on my Vista Premious machine using VS2005 and ASP.NET 2.0 so that all my images resolve properly. ... When I go into Help from within IIS Manager on my Vista machine it points me to a technet article regarding Windows Authentication on IIS 7. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Debugging fails on Vista for Localhost
    ... When I go into Help from within IIS Manager on my Vista machine it points me to a technet article regarding Windows Authentication on IIS 7. ...
    (microsoft.public.dotnet.framework.aspnet)