Solved

Windows 2000 Server - IIS Basic Authentication not working

Posted on 2003-11-12
8
623 Views
Last Modified: 2008-03-17
Ok, I have setup on our server the ability for users to connect into a local intranet website via IP and type their windows domain username and password in to authenticate.  The website is setup with a certificate and 128-bit encyrption.  I don't think any of that matters, just a little background.

The problem is only administrators can successfully log in and get to the website.  If a user that doesn't have administrator privledges on the domain can't login.  According to all the documents I have read, this is not how Basic Authentication should function.  I have only that box checked under the directory security tab.

I have tried giving physical NTFS rights to a user to the directory in inetpub/wwwroot/, I have tried add members to the operators tab of the website, and seeing if they can authenticate that way and it hasn't worked.  I have also tried a mulitude of combinations with the directory security choices and came up with zero.  Any ideas?
0
Comment
Question by:gap0134
  • 2
  • 2
8 Comments
 

Expert Comment

by:JamesWillison
ID: 9740257
You need to create a user group on your web server and then assize all the user that you wish to connect through into this group, giving then the rights you want each of them to have.
Then give the Group admin right under the NTFS system permissions.
 

What this will do is give them the access to hit the web server. Within 2000 the basic rule is the most restrictive protocol is dominant.

there for they will not in reality have the admin rights
0
 
LVL 21

Expert Comment

by:marc_nivens
ID: 9757964
Check the policies applied to that machine and make sure that everyone has "access this computer from the network."  Also, since you're using basic you will need "log on locally" rights for this group as well.  

An alternative to the above is to add the Domain Users group to the local users group on the IIS server.
0
 

Author Comment

by:gap0134
ID: 9767693
Marc, they are all ready in the Domain Users group.  And I don't know where to check the policy you are referring to.

James, yes this worked...however, we have alot of NTFS rights we would override for users giving them a new user like you said.  I did see however, a way to set your primary group.  If for instance I have a group for Marketing, and a share for Marketing on the system, I want them to be able to see the webpage AND their respective folder.  Can I use the primary group to my advantage in this case?
0
 
LVL 21

Expert Comment

by:marc_nivens
ID: 9768697
I'm sure they're already in the Domain Users group, I'm talking about adding the Domain Users group to the local machines Users group.  Of course this applies only to member servers.  If this is a DC you will have to edit the default domain controllers policy to allow the two rights I previously mentioned.
0
 

Accepted Solution

by:
JamesWillison earned 125 total points
ID: 9769804
YES 100% the easiest way of doing this would be to  add the "marketing" group to

(WEB connect group) Whats ever you have called the group

In this way they will retain all the access rights they have on the Domain Controller. as long as they have the rights to see the folder on domain controller they will have the permission to see them when they are connected throuh the web inter face.

Let me know if you need any other information or if i have been unclear in any way.

P.s
what is the full intent of this if you dont mind me asking as i may have a much easier for you to action this this giving them the same access right all depends on what the users are going to use the interface for

best regards

(`'·.¸(`'·.¸ ~ ¸.·'´)¸.·'´)
«´.¸¸   JAMES    ¸¸.·`»
(¸.·'´(¸.·'´ ~ `'·.¸)`'·.¸)
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now