Re: What is a local logon?
From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 03/28/04
- Next message: Ken Schaefer: "Re: All user account locked"
- Previous message: Robert Moir: "Re: Rewriting the MSGINA.DLL"
- In reply to: Herb Martin: "Re: What is a local logon?"
- Next in thread: Herb Martin: "Re: What is a local logon?"
- Reply: Herb Martin: "Re: What is a local logon?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 28 Mar 2004 20:57:25 +1000
"Herb Martin" <news@LearnQuick.com> wrote in message
news:ODjZWJ5EEHA.3424@tk2msftngp13.phx.gbl...
: "Gino" <cosine@covad.net> wrote in message
: news:59854$4064ab14$44a77c62$23722@msgid.meganewsservers.com...
: > Logon locally is a user right as well as Logon over the Network and they
: > are, exactly as described. If a user with a domain account tries to
logon
: to
: > a Domain Controller, and dose not have the user right to logon locally
: they
: > cannot logon, even though they might have permmisions set to access
: folders,
: > this is by design.
:
: All of the above is true but likely not what he is questioning;
: he wants to know how the WEB SERVER chooses, uses,
: or abuses the above methods when users try to access
: resources through that web server.
:
: BASIC (and digest) is always a local logon -- you hand your username
: and password to the web server which logs on as the you (locally.)
I thought Digest Authentication worked the same way as IWA. With Digest you
hand your username, and a hash of your password to IIS. IIS passes this to
the Domain Controller. DC performs the same hash, and determines whether the
hash matches the one stored in AD. If they match, appropriate token is sent
back to IIS.
Also, OP mentioned using Windows 2000, but with Windows 2003, I'm under the
impression that Basic Authentication is now a network, not a local, logon.
Cheers
Ken
: Integrated CAN BE "network" if you use a domain account.
: You authenticated with the domain and then connect to the
: web (resource) server as a "network" user.
:
: --
: Herb Martin
: >
: > "Roger Haxby" <roger.haxxxby_rem2x@ntlworld.com> wrote in message
: > news:e3GDT71EEHA.2176@tk2msftngp13.phx.gbl...
: > > We are having users log onto a server through a browser. All users
will
: > be
: > > in a specific user group. It appears that this counts as a local
: login -
: > if
: > > we do not allow local logons in the group policy for that user group,
: they
: > > cannot log on via the browser. The browser authentication method does
: not
: > > seem to make a difference (basic, integrated windows authentication,
we
: > have
: > > not tried digest)
: > > Is this expected behaviour?
: > >
: > > If that is expected behaviour, what is a Network Logon - is that file
: > shares
: > > only?
: > >
: > > Server is W2K Advanced Server, SP4 Domain Controller
: > >
: > > Roger Haxby
- Next message: Ken Schaefer: "Re: All user account locked"
- Previous message: Robert Moir: "Re: Rewriting the MSGINA.DLL"
- In reply to: Herb Martin: "Re: What is a local logon?"
- Next in thread: Herb Martin: "Re: What is a local logon?"
- Reply: Herb Martin: "Re: What is a local logon?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
