Solved

Restrict access to default website and company content from Internet unless authenticated, but allow anonymous access to some

Posted on 2006-06-16
1
260 Views
Last Modified: 2010-04-19
I have a company that has a custom database program accessable by browser on their LAN.  It automatically created a virtual directory which is accessable on the network, and all machines access it by IE.  Is it wise to have them ALWAYS authenticate first by their windows passwords, then type in a 2nd login to this jobtracker program?  Or let maybe Outlook Web Access, and JobTracker have anonymous web access and use their own credentials first.

At first whoever set this up for them had ALL sites from default site down restricted by IP to the internal LAN range, and nothing worked from outside the network.   So I changed that at Default site (but did not propogate it to anything in sub folders) and sure enough I could access both the default site and the /jobtracker/ subfolder from outside on the net.

  Not sure on the "best practice" here as I rarely do IIS stuff, so any advice is appreciated.  How should I restrict IPs?  How should authentication be handled?  

Thanks
0
Comment
Question by:pcns09
1 Comment
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 125 total points
ID: 16924702
The Best Practice on an SBS is to run the Configure Email and Internet Connection Wizard (CEICW -- linked as Connect to the Internet in the Server Management Console) and let that wizard handle modifying the permissions on the IIS virtual directories.

When the JobTracker site was created, it should probably have not been created under the default site.  It would have been better to create a new site and give it a host header, the same way that Companyweb is configured.

But in either case, there should be no reason that a user should have to type their windows password when the site opens if they are already authenticated on the LAN.  While the IIS Directory Security should be set to Integrated Windows Authentication, if it's requesting their password again, then their settings aren't right in IE under Tools > Internet Options > Security > User Authentication.

Jeff
TechSoEasy
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question