Re: Integrated Security in a Workgroup?

From: Bill Cohagan (bill_at_teraXNOSPAMXquest.com)
Date: 12/09/03 

Date: Tue, 9 Dec 2003 10:21:23 -0600

  OK, I think I've got it working. I discovered (via KB #315158) how to
set the account and password used by IIS via attributes in the
processModel element of the machine.config file. All I needed to do was

1.) Reset the password of the <machine>\ASPNET account to a common value
on both machines.
2.) Edit the machine.config file on both machines to reflect the new
common password.

I'd already added the ASPNET account as a login on the SQL server. Since
now the A\ASPNET and B\ASPNET have common login names AND passwords I
can apparently access the SQL server on machine B via the A\ASPNET
account on machine A. This solves my problem.

Bill
"Bill Cohagan" <bill@teraXNOSPAMXquest.com> wrote in message
news:eXwPQHeuDHA.1888@TK2MSFTNGP10.phx.gbl...
> Since I'm using integrated security I must select an existing NT user;
thus
> I can't specify a user, ASPNET (or whatever), unless that user exists as a
> local user on the machine. I can of course create such a user, but then
I've
> got the password problem I already mentioned. Have I misunderstood your
> suggestion?
>
> Bill
> "Stephen Dybing [MSFT]" <stephd@online.microsoft.com> wrote in message
> news:%23nPgnyduDHA.2148@TK2MSFTNGP12.phx.gbl...
> > No, sorry, what I meant was that when you set up the SQL Server
> permissions,
> > try it without including the A\ or B\.
> >
> > --
> > Sincerely,
> > Stephen Dybing
> >
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> > Please reply to the newsgroups only, thanks.
> > "Bill Cohagan" <bill@teraXNOSPAMXquest.com> wrote in message
> > news:utxj$XduDHA.1596@TK2MSFTNGP10.phx.gbl...
> > > The A\ASPNET and B\ASPNET machine accounts are created by IIS (I
> think) --
> > > at least I know that I did NOT create them. These are the accounts
used
> by
> > > IIS when executing ASP pages. Since these accounts are not created by
me
> I
> > > don't know the passwords -- and I can't just change them in XP because
> > then
> > > IIS will likely fail due to using the old password. Perhaps I can
> change
> > > the default ASP account used by IIS on both machines -- then I can
> create
> > > local accounts with the same username and password.
> > >
> > > Thanks for the suggestion.
> > >
> > > Bill
> > >
> > > "Stephen Dybing [MSFT]" <stephd@online.microsoft.com> wrote in message
> > > news:uOFYrdRuDHA.3144@tk2msftngp13.phx.gbl...
> > > > I believe that you do this without specifying the A\ or B\.
> > > >
> > > > --
> > > > Sincerely,
> > > > Stephen Dybing
> > > >
> > > > This posting is provided "AS IS" with no warranties, and confers no
> > > rights.
> > > > Please reply to the newsgroups only, thanks.
> > > > "Bill Cohagan" <bill@teraXNOSPAMXquest.com> wrote in message
> > > > news:#aPrRKOuDHA.4056@TK2MSFTNGP11.phx.gbl...
> > > > > Kevin
> > > > > Thanks. I've tried this, but the account I need to create is the
> > > > A\ASPNET
> > > > > account on the B machine. I've tried doing that and it complains
> that
> > > the
> > > > A
> > > > > domain doesn't exist. There's already a B\ASPNET account on
machine
> B
> > > and
> > > > an
> > > > > A\ASPNET account on machine A. Suggestions?
> > > > >
> > > > > Thanks again,
> > > > > BIll
> > > > >
> > > > > PS - Yes this is a temporary environement, for development
purposes
> > > only.
> > > > >
> > > > > "Kevin McDonnell [MSFT]" <kevmc@online.microsoft.com> wrote in
> message
> > > > > news:bHu03vGuDHA.2436@cpmsftngxa06.phx.gbl...
> > > > > > Assuming this is a temporary environment.. You'll need to
> duplicate
> > > the
> > > > > > account used on the Dev box, with the same account and password
on
> > the
> > > > SQL
> > > > > > box. This is often referred to as "workgroup security".
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > Kevin McDonnell
> > > > > > Microsoft Corporation
> > > > > >
> > > > > > This posting is provided AS IS with no warranties, and confers
no
> > > > rights.
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: SYSTEM(14) with D3
    ... minority that might desire to utilize common across LOGTO-s. ... account and I actually want to reference it in another account, ... with in other aspects of the EXECUTE functionality: ... The original intent was that Flashbasic and non-Flash code also would ...
    (comp.databases.pick)
  • Re: flexible subroutine parameters
    ... >"common" module when it plainly is not a common module..if the outputs ... >CALL GETACCT using PARM1 PARM2 ... My goal with GETACCT is that I can pass it an account ... program doesn't have to care what "kind" of account it actually is. ...
    (comp.lang.cobol)
  • Re: so PayPAL is piece of mind for sellers ha ha
    ... Sorry to hear of your problems Paul, yes this is common. ... as a payment option on our websites. ... account for hundreds of times more online transactions than Paypal ...
    (uk.people.consumers.ebay)
  • Re: so PayPAL is piece of mind for sellers ha ha
    ... "We were recently notified that one of your buyers used an ... Sorry to hear of your problems Paul, yes this is common. ... account for hundreds of times more online transactions than Paypal ...
    (uk.people.consumers.ebay)
  • Re: FSI Indices with translates the answer
    ... this would allow an application account to be attached ... relative to solely the common need you raised in this thread, ... WEBSITE1-account should be used to lookup the PRODUCTS-file. ... fact that a Basic program can perform an [EXECUTE "logto ...
    (comp.databases.pick)