Windows 2000 Server - IIS Basic Authentication not working

Ok, I have setup on our server the ability for users to connect into a local intranet website via IP and type their windows domain username and password in to authenticate.  The website is setup with a certificate and 128-bit encyrption.  I don't think any of that matters, just a little background.

The problem is only administrators can successfully log in and get to the website.  If a user that doesn't have administrator privledges on the domain can't login.  According to all the documents I have read, this is not how Basic Authentication should function.  I have only that box checked under the directory security tab.

I have tried giving physical NTFS rights to a user to the directory in inetpub/wwwroot/, I have tried add members to the operators tab of the website, and seeing if they can authenticate that way and it hasn't worked.  I have also tried a mulitude of combinations with the directory security choices and came up with zero.  Any ideas?
gap0134Asked:
Who is Participating?
 
JamesWillisonCommented:
YES 100% the easiest way of doing this would be to  add the "marketing" group to

(WEB connect group) Whats ever you have called the group

In this way they will retain all the access rights they have on the Domain Controller. as long as they have the rights to see the folder on domain controller they will have the permission to see them when they are connected throuh the web inter face.

Let me know if you need any other information or if i have been unclear in any way.

P.s
what is the full intent of this if you dont mind me asking as i may have a much easier for you to action this this giving them the same access right all depends on what the users are going to use the interface for

best regards

(`'·.¸(`'·.¸ ~ ¸.·'´)¸.·'´)
«´.¸¸   JAMES    ¸¸.·`»
(¸.·'´(¸.·'´ ~ `'·.¸)`'·.¸)
0
 
JamesWillisonCommented:
You need to create a user group on your web server and then assize all the user that you wish to connect through into this group, giving then the rights you want each of them to have.
Then give the Group admin right under the NTFS system permissions.
 

What this will do is give them the access to hit the web server. Within 2000 the basic rule is the most restrictive protocol is dominant.

there for they will not in reality have the admin rights
0
 
marc_nivensCommented:
Check the policies applied to that machine and make sure that everyone has "access this computer from the network."  Also, since you're using basic you will need "log on locally" rights for this group as well.  

An alternative to the above is to add the Domain Users group to the local users group on the IIS server.
0
 
gap0134Author Commented:
Marc, they are all ready in the Domain Users group.  And I don't know where to check the policy you are referring to.

James, yes this worked...however, we have alot of NTFS rights we would override for users giving them a new user like you said.  I did see however, a way to set your primary group.  If for instance I have a group for Marketing, and a share for Marketing on the system, I want them to be able to see the webpage AND their respective folder.  Can I use the primary group to my advantage in this case?
0
 
marc_nivensCommented:
I'm sure they're already in the Domain Users group, I'm talking about adding the Domain Users group to the local machines Users group.  Of course this applies only to member servers.  If this is a DC you will have to edit the default domain controllers policy to allow the two rights I previously mentioned.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.