Re: Intranet Security

Hi,

Your users are granted access via "Authenticated Users". Any user that has
valid username and password is automatically authenticated user and your
current settings give him/her full access.

--
Mike
Microsoft MVP - Windows Security

"Peter W. Caton" <PeterWCaton@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:14328C7F-A809-4387-8063-2DE017D9B51F@xxxxxxxxxxxxxxxx
The share that IIS is redirected to is setup as follows

Permissions: Authenticated users have Full, Change, Read
Security: Staff Users (group with staff accounts) have Read, Write
Domain Admins Full Control

But when I login as an AD user account that is not in either one of these
groups, I can still access the website.

"Peter W. Caton" wrote:

Thanks for your reply.

For some reason, this does not work.

I have the website pointing to a network share on another server.

The network share only allows users 1, 2, 3.

If I login as one of the users who should not have access to this share
and
try to access the share, I am denied. So I know the permissions are
working.

However, if I am logged in as a user who should not have access to the
site
and type in the server's name in IE, I can access the webpage, no
problem.

I have also tried moving the files to a folder on the IIS server. Same
thing happens.

I do have anonymous access disabled.

For authenticated access, I have tried every combination of access,
Windows
Integrated, Digest Authentication, and one of two things happen. One, I
am
prompted for a username and password. But no matter what username and
password I enter, I am denied access. Two, I can access the site using
any
AD user.

Any other thoughts?

"Peter W. Caton" wrote:

Here is what I want to do with IIS on a Windows 2003 server. The
server is a
part of our domain.

I have a basic Intranet troubleshooting website setup in IIS.

I want to limit access to a specific group of Active Directory users.
In
other words, AD users 1, 2, 3 can access the intranet website, all
other
users are denied.

How can I accomplish this?

I should also note that I am rather new to IIS, so the more detail you
can
provide, the better.

Thanks.


.

Relevant Pages

  • Re: CopyFile across network / logon
    ... I am accessing W2K and NT workstations from a XP or ... >> This is ok as only authenticated users should be able to copy files ... >> security systems I want to copy files to. ... > username and password at run time or you can prompt the user if ...
    (microsoft.public.win32.programmer.networks)
  • Re: Forms Authentication and Active Directory
    ... Save their password in the session right after they log in, it's safe there. ... > authenticated users, not Forms Authenticated users. ... > impersonating the already impersonated user! ... >> this simply the username that is logged in. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: shares too visible
    ... With the share permissions set to "Authenticated Users" having read ... Do you use the same username and password on your laptop as you have on the ... domain, not the same account, just the same username/password combo? ... hence the logon prompt at the member servers. ...
    (microsoft.public.windows.server.security)
  • Re: [PHP] Authentication
    ... If memory doesn't fail me, if you work with IIS and protect the source pages of the application so that IUSR_xxxxx doesn't have access to those files and instead grant access to the NT users or groups which you want, the IIS when working with IE clients will take care of that as long as they are all in the same domain. ... I did it with IIS 3 and IE4 and it worked, I am not completely sure about the details, but it is something you do in the server administration and you don't need to do any programming at all, if the person reaches the page it is because it is who he says it is. ... Otherwise, no browser will give you access to any sensitive information on the client machine, nothing that someone, anyone, might pick on the server side just by receiving a page request. ... If you can find a JavaScript function to snoop the username, ...
    (php.general)
  • Re: security between serving files from a fileshare
    ... It this application running on your server or static ... Microsoft MVP - Windows Security ... On virtual directory on server two you can specify which username ... with iis. ...
    (microsoft.public.inetserver.iis.security)