Re: Intranet Security
- From: Peter W. Caton <PeterWCaton@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 22 Aug 2006 14:03:02 -0700
Just to clarify:
If I try to access the share via Windows when I am logged in under a
restricted user, I am denied.
But you're saying that because I have permissions setup as Authenticated
Users, IIS allows this restricted user to view the website?
Before writing the newsgroup, I also tried the following:
Add the website files on the local IIS server. Set the permissions to only
allow Staff Users and Domain Admins.
When I log as a restricted user, I can still access the website.
This just doesn't add up-
"Miha Pihler [MVP]" wrote:
Hi,.
Your users are granted access via "Authenticated Users". Any user that has
valid username and password is automatically authenticated user and your
current settings give him/her full access.
--
Mike
Microsoft MVP - Windows Security
"Peter W. Caton" <PeterWCaton@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:14328C7F-A809-4387-8063-2DE017D9B51F@xxxxxxxxxxxxxxxx
The share that IIS is redirected to is setup as follows
Permissions: Authenticated users have Full, Change, Read
Security: Staff Users (group with staff accounts) have Read, Write
Domain Admins Full Control
But when I login as an AD user account that is not in either one of these
groups, I can still access the website.
"Peter W. Caton" wrote:
Thanks for your reply.
For some reason, this does not work.
I have the website pointing to a network share on another server.
The network share only allows users 1, 2, 3.
If I login as one of the users who should not have access to this share
and
try to access the share, I am denied. So I know the permissions are
working.
However, if I am logged in as a user who should not have access to the
site
and type in the server's name in IE, I can access the webpage, no
problem.
I have also tried moving the files to a folder on the IIS server. Same
thing happens.
I do have anonymous access disabled.
For authenticated access, I have tried every combination of access,
Windows
Integrated, Digest Authentication, and one of two things happen. One, I
am
prompted for a username and password. But no matter what username and
password I enter, I am denied access. Two, I can access the site using
any
AD user.
Any other thoughts?
"Peter W. Caton" wrote:
Here is what I want to do with IIS on a Windows 2003 server. The
server is a
part of our domain.
I have a basic Intranet troubleshooting website setup in IIS.
I want to limit access to a specific group of Active Directory users.
In
other words, AD users 1, 2, 3 can access the intranet website, all
other
users are denied.
How can I accomplish this?
I should also note that I am rather new to IIS, so the more detail you
can
provide, the better.
Thanks.
- Follow-Ups:
- Re: Intranet Security
- From: Miha Pihler [MVP]
- Re: Intranet Security
- References:
- Re: Intranet Security
- From: Miha Pihler [MVP]
- Re: Intranet Security
- Prev by Date: Re: Intranet Security
- Next by Date: Re: IIS 6 Question: How to Publish from FrontPage 2003
- Previous by thread: Re: Intranet Security
- Next by thread: Re: Intranet Security
- Index(es):
Relevant Pages
|
