IIS 6 - Intranet, Protected Directories and access for certian network groups

We have a local Intranet.  I have searched the forum and have not found the answer I am looking for.  We are using Windows 2003, IIS 6 and we have an Active Directory system.  Here is what I want to accomplish.

IT wants to have their own directory of documents that is secure so no other departments can have access.  I do not want IT users to be prompted for a userid and password.  I would like the system to know what Active Directory group they are apart of and allow access.  In IIS 6, I open the Intranet website and choose the folder ITS.  I right click and go to Permissions.  Now here is where I get stuck.  I have no idea what to edit.  It looks as if I can add the IT group but I am unsure and do not want to screw anything up.

I know I can use a database with a list of users and use ASP.NET to grab the user name, compare and allow access if needed but that means I have to keep that list updated.  I would like to utilize the IT group that is in the network system.

Thanks for the help
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris DentPowerShell DeveloperCommented:

If you're using ASP.NET to handle your security and you happen to be using Integrated or Forms based authentication you should be able to pick up information such as Group Membership using System.DirectoryServices.

How are you currently handling authentication?

hcaadevAuthor Commented:
We don't really have any on the Intranet.  Anyone in our domain can access the Intranet.  We have a couple of applications that only specific users can access.  We have programmed the allowed users in the database the the program utilizes.  We grab the user id using asp.net and verify with the database to see if they are allowed.  This works great for these programs since there are a small number of users.

How would you code what you are talking about using System.DirectoryServices?  Again, what I am trying to do is to restrict non IT users from viewing a web page that is accessible from the Intranet.  If an IT user clicks on the IT link, the system will know they are from IT and allow access.  If the user is non-IT than no access will be granted.  I do not want to have to manage the users.  I would rather we use the group that the Active Directory Admin updates.

You could simply secure the contents on the file system by only allowing the 'IT Group' to have Read permissions and then set the directory to use Integrated Authentication in IIS.

If the user isn't part of that group they will be prompted for credentials but won't be able to get in.

Dave Dietz
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

Chris DentPowerShell DeveloperCommented:

That would certainly be easier.

Developing something to authenticate them against AD isn't really trivial.

hcaadevAuthor Commented:
Can anyone walk me through the IIS Setup?  

- When I go into IIS and expand Websites, I see my website Intranet
- I highlight and right-click a folder (test)
- I go to permissions and see
   - Administrators
   - IIS_WPG
   - Internet Guest Account
   - System
   - USers

How can I make this directory accessible to only those who are in the IT Group?

Chris DentPowerShell DeveloperCommented:

Leave IIS_WPG, Administrators and System. Remove Internet Guest Account and Users. Add in a group that covers the members of IT.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
hcaadevAuthor Commented:
Thanks Chris-Dent and Dave_Dietz!!  The solution worked.  I gave Chris the most points since he helped the most and gave Dave some points for his answer as well.  I hope you both agree.  Have a great day.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.