Re: ACL Permissions

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 12/16/04


Date: Thu, 16 Dec 2004 10:49:09 -0600

Hmm. I can't think of much else other than also checking the special
permissions for that folder in security/advanced to make sure that there is
no group with deny permissions and also viewing the "effective permissions"
tab for your user. Another thing to try is to temporarily add that user to the
local administrators group or use the built-in administrator account as the
access account temporarily to see if that works. If that does work then there
is a lack of permission or privilege for the regular user account. If it
does not work something else weird is going on. Check the group membership
of the user accounts that you are using to make sure that they are at least
members of the local users group. --- Steve

"John Pugh" <john@cyber-media.co.uk> wrote in message
news:u5Tg2t14EHA.2124@TK2MSFTNGP15.phx.gbl...
> Hi Steve & Everyone else,
>
> I have looked through the local policy and everything seems the same
> between the boxes, I set up auditing, but again I get no failures and the
> box that is not working produces the same results as the others yet it
> still won't let me view the web pages, grrr.
>
> If it was an office computer I would be reinstalling windows at this point!
> but as it is in a data centre 100 miles away, that's not an option. By the
> way it is a stand alone server and not part of a domain
>
> Thanks for all your help, any more suggestions?
>
> John
>
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:egjPCsv4EHA.2604@TK2MSFTNGP10.phx.gbl...
>> Enable auditing on logon events for success and failure and privilege
>> use and object access for failure [probably only temporarily]. Enable
>> auditing on that folder for that user. Then look in the security logs and
>> Event Viewer in general for any possible helpful messages. I would also
>> look in Local Security Policy on each computer and look for any
>> differences under local policies for security options or user rights. Any
>> differences found between the two boxes could be suspect. Also check any
>> deny permissions to the folder which your user could be affected by group
>> membership. If this is a domain computer, run the netdiag support tool on
>> it looking for any pertinent errors. -- Steve
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;301640 -- needs
>> object access enabled first.
>>
>> "John Pugh" <john@cyber-media.co.uk> wrote in message
>> news:OU6E3$r4EHA.1452@TK2MSFTNGP11.phx.gbl...
>>> Thanks for the reply, I have compared the permissions between the two
>>> boxes (one that works and this one) and I can see very little
>>> differences, none in sections that I think might affect this problem is
>>> there anything specific that I should be looking for?
>>>
>>>
>>>
>>> "Andra" <andraatlatnetdotlv> wrote in message
>>> news:emKIJNr4EHA.1400@TK2MSFTNGP11.phx.gbl...
>>>> Policies? Especially concerning the way the password is sent over the
>>>> network.
>>>>
>>>> John Pugh wrote
>>>>> Hi,
>>>>>
>>>>> I am having a problem that I thought some of you might be able to help,
>>>>>
>>>>> The problem is that we have created a directory on a 2k3 standard box that
>>>>> can only be accessed using a set username and password (used for accessing
>>>>> web stats over the internet) I have done this many times before without a
>>>>> hitch but on one of our boxes it does want to work at all!
>>>>>
>>>>> I have given the SYSTEM full control, Administrators full control and
>>>>> stats-viewer (the user who needs access) read and read & execute. This is
>>>>> the standard setup I have on all our boxes. I have also tried recreating
>>>>> all the permissions the wwwroot directory has and putting it in the
>>>>> wwwroot directory to no avail.
>>>>>
>>>>> With the IUSR user in place it works, allowing anonymous access, therefore
>>>>> IIS is pointing to the right place and serving up the pages so that is
>>>>> working, but when IUSR access is taken away it throws back a "HTTP Error
>>>>> 401.3 - Unauthorized: Access is denied due to an ACL set on the requested
>>>>> resource." error when trying to login as stats-viewer. I have tried using
>>>>> Integrated and basic authentication, changing the user, changing the
>>>>> directory, creating a new web site in IIS, using Authdiag (which doesn't
>>>>> seem to shed light on the problem) all without success.
>>>>>
>>>>> Can anyone help, it's doing my head in!!!
>>>>>
>>>>> Many thanks,
>>>>>
>>>>> John Pugh
>>>>
>>>>
>>>
>>>
>>
>>
>
>
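
The checks suggested in the reply at the top of this thread (deny entries on the folder, and whether the account is in the local Users group), as an added example that is not part of the original posts. It assumes a Windows server with PowerShell 5.1 or later (the LocalAccounts cmdlets); `$Path` is a hypothetical folder, and matching ACEs by name is an approximation of, not a replacement for, the "effective permissions" tab.

```powershell
# Added example. $Path is a hypothetical folder; change both values for your server.
$Path = 'C:\Inetpub\wwwroot\stats'
$User = 'stats-viewer'               # the account named in the thread

# 1. Local groups that contain the account (standalone server: local groups only).
$memberOf = foreach ($g in Get-LocalGroup) {
    $members = Get-LocalGroupMember -Name $g.Name -ErrorAction SilentlyContinue
    if ($members.Name -contains "$env:COMPUTERNAME\$User") { $g.Name }
}
"Member of: " + ($memberOf -join ', ')
if ($memberOf -notcontains 'Users') {
    "WARNING: $User is not a member of the local Users group"
}

# 2. Names through which an ACE can apply to this account: the account itself,
#    its local groups, and the broad identities an authenticated logon carries.
$names = @($User) + $memberOf + 'Everyone', 'Authenticated Users'

# 3. Read the folder's ACEs (explicit and inherited) and keep those that match.
#    IdentityReference looks like 'BUILTIN\Users' or 'SERVER\stats-viewer',
#    so compare on the part after the backslash.
$aces = (Get-Acl -LiteralPath $Path).Access | Where-Object {
    $names -contains ($_.IdentityReference.Value -split '\\')[-1]
}

# 4. Show Deny entries first, then the Allow entries, with their origin.
$aces | Sort-Object AccessControlType -Descending |
    Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize

$deny = $aces | Where-Object AccessControlType -eq 'Deny'
if ($deny) {
    "Deny ACE(s) match $User or one of its groups; review these first."
} elseif (-not $aces) {
    "No ACE matches $User or its groups; the account has no granted access here."
}
```

Running the same script on the working server and comparing the two tables shows any difference in group membership or inherited entries between the boxes.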


