Re: IIS 6 & UNC Share Scurity Issue

Good Day Pablo & Others!

I looked into your steps, after adding the account to the cluster resource
the rights do appear under the sharing / security tab. Still the same results
when browsing the site though. I am able to map to the folder through a
command prompt.

I have started to create another couple VM's to re-create the setup in the
event there was a configuration problem. Once done, I will try the config you
pointed out, this time without the cluster and instead just a seperate box
with a share.

Will be in touch.

"Pablo A. Allois" wrote:

Hi Rob,

How is the problem ?

"Rob C." <RobC@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D2EC329E-0550-4799-8C6E-2A5E64859242@xxxxxxxxxxxxxxxx
I have looked at this program. it shows me that I get an "Access Denied"
error to the folder that I have changed the rights on.
The access is being denied is for the account rcareyad, this account does
have full NTFS right on the folder (http://stieurl.domain.com/_Secure).
The
_Secure folder is where the rights are changed.

I think it is something to do with the account used in the login as:
within
IE for the UNC path (Same account being used for the application pool),
being
removed access to the _secure folder. I would assume that the login would
prompt like it is, but using an account that has the right NTFS
permissions
get the error. I would think something to do with multiple authentication
or
not "impersonating" correctly?



"Pablo A. Allois" wrote:

Please, make the troubleshooting with procmon, to see more exactly what
is
the problem.

Saludos!

"Rob C." <RobC@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:480E20C0-4E20-4032-B096-843357E4E5C0@xxxxxxxxxxxxxxxx
Thanks for your reply Pablo!

I am and have been able to get the configuration to work that you
mention
in
the first part / Guide.
It is when I try to secure the folder so that the clients would need to
login using a different account rather then the one that is being used
for
anonymous access (Connect as: account) due to removing that account
from
the
NTFS rights on the share. I have tried about everything and am now
going
to
look at different options. Currently out IIS boxes are 32bit and the
file
cluster is 64 bit and all are VM's inside VMware ESX 3.5. Although I
dont
think any of this should matter.

What are others doing to create a central IIS web services? We have
multiple
sites and would like to ensure they are all redundant. I thought that
having
multiple front end servers connected to a back end cluster would be
simple,
this way we did not need to worry about data replication or what boxes
the
clients connected to to do the updates.
Any one have any suggestions?

Thanks again for your time folks.







.

Relevant Pages

  • Re: Security discussion regarding hubs, firewalls, anti-virus and
    ... User Account Control needs advanced customization features -- I have ... allowing blocking of 3rd party cookies and session cookies ... I tried to drag it to a folder on my links so I could access it ... I looked at the folder and I appear to have full rights. ...
    (microsoft.public.security)
  • Re: How To Restrict Single Domain User To One Server/Folder?
    ... This posting is provided "AS IS" with no warranties, and confers no rights. ... "myweb" wrote: ... If your account can still browse the other folders check your NTFS ... Maybe explain a littlebit about your share and folder permissions. ...
    (microsoft.public.windows.server.active_directory)
  • Re: "Access is denied" trying to connect to IIS7 - any ideas?
    ... Now, if I look at the problematic site in the IIS management, I can click the "Basic settings" link, and the "Connect as" button shows me that I am connecting as myself. ... No, your account doesn't have full control on the folder it seems, which can be superseded by another account on the folder, like the Everyone group account doesn't have full control as an example that has superseded your user account rights. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Cluster Service Account Fails during Cluster Creation
    ... warranties, and confers no rights. ... > using a domain admin account and ensuring the domain admins was still ... I'm thinking that cluster services is generally not the best way to ... > less overall cost per virtualized server and less complexity. ...
    (microsoft.public.windows.server.clustering)
  • Re: The .DB files can not be deleted?
    ... You go to the folder off of Explore and to Properties, and with the Security tab enabled on the folder, you add your logged in user account to the folder and set permissions for your logged in account to Full permissions. ... If you are user/admin on the computer, then is some cases, Vista will not let you delete, because it is looking at your account as user, and it is looking at your account as admin. ... You don't have Full rights as user/admin on Vista like you have on XP. ...
    (microsoft.public.windows.vista.general)