Solved

Restrict access to default website and company content from Internet unless authenticated, but allow anonymous access to some

Posted on 2006-06-16
1
253 Views
Last Modified: 2010-04-19
I have a company that has a custom database program accessable by browser on their LAN.  It automatically created a virtual directory which is accessable on the network, and all machines access it by IE.  Is it wise to have them ALWAYS authenticate first by their windows passwords, then type in a 2nd login to this jobtracker program?  Or let maybe Outlook Web Access, and JobTracker have anonymous web access and use their own credentials first.

At first whoever set this up for them had ALL sites from default site down restricted by IP to the internal LAN range, and nothing worked from outside the network.   So I changed that at Default site (but did not propogate it to anything in sub folders) and sure enough I could access both the default site and the /jobtracker/ subfolder from outside on the net.

  Not sure on the "best practice" here as I rarely do IIS stuff, so any advice is appreciated.  How should I restrict IPs?  How should authentication be handled?  

Thanks
0
Comment
Question by:pcns09
1 Comment
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 125 total points
ID: 16924702
The Best Practice on an SBS is to run the Configure Email and Internet Connection Wizard (CEICW -- linked as Connect to the Internet in the Server Management Console) and let that wizard handle modifying the permissions on the IIS virtual directories.

When the JobTracker site was created, it should probably have not been created under the default site.  It would have been better to create a new site and give it a host header, the same way that Companyweb is configured.

But in either case, there should be no reason that a user should have to type their windows password when the site opens if they are already authenticated on the LAN.  While the IIS Directory Security should be set to Integrated Windows Authentication, if it's requesting their password again, then their settings aren't right in IE under Tools > Internet Options > Security > User Authentication.

Jeff
TechSoEasy
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now