Solved

Web application being stopped by Server 2003 permissions issue

Posted on 2008-10-20
2
191 Views
Last Modified: 2012-05-05
We are having an issue with a newly installed application that uses Pervasive SQL and IIS to run a browser based HR portal for our employees.  The application is installed on a domain server and it uses Active Directory user logins to authenticate the browser logon.   The users access a specific web page (running on our server) and logon as follows:

DomainName\Username and then enter a password.  

Everything works fine as long as the user is a member of the Administrators group.   However, as soon as we remove the user from the Administrators group and make them a member of the domain users group they can no longer log in and they receive a "Login Failed" error.  

The company who designed the HR portal (Municipal Accounting) has tested it thoroughly and stated that it is something on our end.  The evidence that they use to back this up is that they say that they cannot use remote desktop and log on locally as any standard user even if they give the standard user access rights to logon to the server as a remote desktop user.

Therefore, they are saying that since a standard user cannot log on locally to the server as a remote desktop user, we must have permissions issues on our server.

They may be right to some extent, but we certainly should not need to allow users remote access rights to connect to the server.  However, they may be correct in that it appears to me that the web based logon is going to require users to have permissions to logon to the server locally.

This company assures me that the app is working in other places and that the problem is on our end.  If anyone has any ideas it would be greatly appreciated.  
0
Comment
Question by:darcher17
2 Comments
 
LVL 2

Expert Comment

by:SirDragon
ID: 22763993
It does sound like a rights issue.  
What are the rights assigned to IIS?  Have you tried to turn on Anonymous logon?  
or integrated windows authentication?

Is this server a domain controller?  
What are the rights for interactive logon to the server?  
I am sorry for all the questions, but it's hard to weed through without a visual.  
0
 

Accepted Solution

by:
darcher17 earned 0 total points
ID: 22764490
I actually resolved this one myself.  I am not really happy about the way their software works, but it appears that I have to give users the right to logon locally.  

So I added the users to a specific group and then gave this group the right to "Log on Locally" through the Domain Controller Security Policy.  

Thanks for the help!
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
OWA 2010 both internal, external not working 7 72
Event-ID 3001, 3011 - LoadPerf - Windows Server 2003 14 45
2003 Server DNS/FS errors 6 50
Domain Controller FSMO 7 38
Learn about cloud computing and its benefits for small business owners.
Know what services you can and cannot, should and should not combine on your server.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question