Improve company productivity with a Business Account.Sign Up

x
?
Solved

Restrict access to default website and company content from Internet unless authenticated, but allow anonymous access to some

Posted on 2006-06-16
1
Medium Priority
?
289 Views
Last Modified: 2010-04-19
I have a company that has a custom database program accessable by browser on their LAN.  It automatically created a virtual directory which is accessable on the network, and all machines access it by IE.  Is it wise to have them ALWAYS authenticate first by their windows passwords, then type in a 2nd login to this jobtracker program?  Or let maybe Outlook Web Access, and JobTracker have anonymous web access and use their own credentials first.

At first whoever set this up for them had ALL sites from default site down restricted by IP to the internal LAN range, and nothing worked from outside the network.   So I changed that at Default site (but did not propogate it to anything in sub folders) and sure enough I could access both the default site and the /jobtracker/ subfolder from outside on the net.

  Not sure on the "best practice" here as I rarely do IIS stuff, so any advice is appreciated.  How should I restrict IPs?  How should authentication be handled?  

Thanks
0
Comment
Question by:pcns09
1 Comment
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 375 total points
ID: 16924702
The Best Practice on an SBS is to run the Configure Email and Internet Connection Wizard (CEICW -- linked as Connect to the Internet in the Server Management Console) and let that wizard handle modifying the permissions on the IIS virtual directories.

When the JobTracker site was created, it should probably have not been created under the default site.  It would have been better to create a new site and give it a host header, the same way that Companyweb is configured.

But in either case, there should be no reason that a user should have to type their windows password when the site opens if they are already authenticated on the LAN.  While the IIS Directory Security should be set to Integrated Windows Authentication, if it's requesting their password again, then their settings aren't right in IE under Tools > Internet Options > Security > User Authentication.

Jeff
TechSoEasy
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
Watch the software video of Kernel Import PST to Office 365 tools which can easily import PST and OST files to Office 365 for bulk mailboxes. The process of migration is simple and user can map source and destination mailboxes and easily import data…
A query can call a function, and a function can call Excel, even though we are in Access. This is Part 2, and steps you through the VBA that "wraps" Excel functionality so we can use its worksheet functions in Access. The declaration statement de…

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question