Re: ACL Permissions
From: John Pugh (john_at_cyber-media.co.uk)
Date: 12/20/04
- Previous message: neo [mvp outlook]: "Re: How to manage relay"
- In reply to: Steven L Umbach: "Re: ACL Permissions"
- Next in thread: Steven L Umbach: "Re: ACL Permissions"
- Reply: Steven L Umbach: "Re: ACL Permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 20 Dec 2004 11:02:40 -0000
It works as an Administrator, but not as a User even though the user in
question is in the right groups, is there anyway to see what permissions
each of the groups get? so that I can see what is difference between the
working boxes and this one.
Cheers
John
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:euvf7544EHA.3616@TK2MSFTNGP11.phx.gbl...
> Hmm. I can't think of much else other than also checking the special
> permissions for that folder in security/advanced to make sure that there
> is no group with deny permissions and also viewing the "effective
> permissions" tab for your user. Another thing to try is temporally add
> that user to the local administrators group or use the built in
> administrator account as the access account temporally to see if that
> works. If that does work then there is a lack of permission or privilege
> for the regular user account. If it does not work something else weird is
> going on. Check the group membership of the user accounts that you are
> using to make sure that they are at least members of the local users
> group. --- Steve
>
>
> "John Pugh" <john@cyber-media.co.uk> wrote in message
> news:u5Tg2t14EHA.2124@TK2MSFTNGP15.phx.gbl...
>> Hi Steve & Everyone else,
>>
>> I have looked through the local policy and everything seems the same
>> between the boxes, I setup auditing, but again I get no failures and the
>> box that is not working produces the same results as the others yet it
>> still won't let me view the web pages, grrr.
>>
>> If it was a office computer I would be reinstalling windows at this
>> point! but as it is in a data centre 100 miles away, thats not an option.
>> By the way it is a stand alone server and not part of a domain
>>
>> Thanks for all your help, anymore suggestions ?
>>
>> John
>>
>>
>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>> news:egjPCsv4EHA.2604@TK2MSFTNGP10.phx.gbl...
>>> Enable auditing on logon events for success and failure and privilege
>>> use and object access for failure [probably only temporally]. Enable
>>> auditing on that folder for that user. Then look in the security logs
>>> and Event Viewer in general for any possible helpful messages. I would
>>> also look in Local Security Policy on each computer and look for any
>>> differences under local policies for security options or user rights.
>>> Any differences found between the two boxes could be suspect. Also check
>>> any deny permissions to the folder which you user could be affected by
>>> group membership. If this is a domain computer, run the netdiag support
>>> tool on it looking for any pertinent errors. -- Steve
>>>
>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;301640 -- needs
>>> object access enable first.
>>>
>>> "John Pugh" <john@cyber-media.co.uk> wrote in message
>>> news:OU6E3$r4EHA.1452@TK2MSFTNGP11.phx.gbl...
>>>> Thanks for the reply, I have compared the permissions between the two
>>>> boxes (one that works and this one) and I can see very little
>>>> differences, none in sections that I think might affect this problem is
>>>> there anything specific that I should be looking for?
>>>>
>>>>
>>>>
>>>> "Andra" <andraatlatnetdotlv> wrote in message
>>>> news:emKIJNr4EHA.1400@TK2MSFTNGP11.phx.gbl...
>>>>> Policies? Especially concerning the way the password is sent over the
>>>>> network.
>>>>>
>>>>> John Pugh wrote
>>>>>> Hi,
>>>>>>
>>>>>> I am having problem that I thought some of you might be able to help,
>>>>>>
>>>>>> The problem is that we have created a directory on a 2k3 standard box
>>>>>> that
>>>>>> can only be accessed using a set username and password (used for
>>>>>> accessing
>>>>>> web stats over the internet) I have done this many times before
>>>>>> without a
>>>>>> hitch but on one of our boxes it does want to work at all!
>>>>>>
>>>>>> I have given the SYSTEM full control, Administrators full control
>>>>>> and
>>>>>> stats-viewer (the user who needs access) read and read & execute.
>>>>>> This is
>>>>>> the standard setup I have on all our boxes. I have also tried
>>>>>> recreating
>>>>> all
>>>>>> the permissions the wwwroot directory has and putting it in the
>>>>>> wwwroot
>>>>>> directory to no avail.
>>>>>>
>>>>>> With the IUSR user in place it works, allowing anonymous access,
>>>>>> therefore
>>>>>> IIS is pointing to the right place and serving up the pages so that
>>>>>> is
>>>>>> working, but when IUSR access is taken away it throws back a "HTTP
>>>>>> Error
>>>>>> 401.3 - Unauthorized: Access is denied due to an ACL set on the
>>>>>> requested
>>>>>> resource." error when trying to login as stats-viewer. I have tried
>>>>>> using
>>>>>> Integrated and basic authentication, changing the user, changing the
>>>>>> directory, creating a new web site in IIS, using Authdiag (which
>>>>>> doesn't
>>>>>> seem to shed light on the problem) all without success.
>>>>>>
>>>>>> Can anyone help, its doing my head in!!!
>>>>>>
>>>>>> Many thanks,
>>>>>>
>>>>>> John Pugh
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
- Previous message: neo [mvp outlook]: "Re: How to manage relay"
- In reply to: Steven L Umbach: "Re: ACL Permissions"
- Next in thread: Steven L Umbach: "Re: ACL Permissions"
- Reply: Steven L Umbach: "Re: ACL Permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
