IIS7 and Active Directory

April 20th, 2010 - 10:55 am ET by Chris
Hi,

I have IIS7 set up with a directory secured using BASIC Authentication only.

The directory is on a network share but only two Active Directory usernames
have NTFS permissions to this folder. One username is for the IIS entry to
have permission to the share. The second username is to be used
externally/publicly when visiting the website.

It works great. The username can log in fine. But...

So can all the other usernames within Active Directory. I have isolated this
shared folder to only allow these two usernames (both in their own security
groups too), yet every username in AD can log in.

Why is this? IIS seems to be doing something odd.

Please help!

Chris

#1 Florian Frommherz [MVP]
April 21st, 2010 - 02:54 am ET
Howdie!

On 20.04.2010 16:55, Chris wrote:
> I have IIS7 set up with a directory secured using BASIC Authentication only.
>
> The directory is on a network share but only two Active Directory usernames
> have NTFS permissions to this folder. One username is for the IIS entry to
> have permission to the share. The second username is to be used
> externally/publicly when visiting the website.
>
> It works great. The username can log in fine. But...
>
> So can all the other usernames within Active Directory. I have isolated this
> shared folder to only allow these two usernames (both in their own security
> groups too), yet every username in AD can log in.
>
> Why is this? IIS seems to be doing something odd.

What else do you have enabled for authentication methods? If I remember
correctly, when having "Anonymous" enabled, IIS would use the builtin
account to access the resources.

Cheers,
Florian
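
Florian's check (which authentication methods are actually in effect for the directory), as an added example that is not part of the original thread: it reads a copy of `applicationHost.config`, merges the server-level settings with any `<location>` override, and also reports the fixed account the virtual directory uses for the share. The site name `Intranet`, the share `\\fs01\secure` and the account `EXAMPLE\svc-iis` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of applicationHost.config; the site name,
# share path and account are made up for this example.
SAMPLE = r"""<configuration>
 <system.applicationHost><sites><site name="Intranet"><application path="/">
  <virtualDirectory path="/" physicalPath="C:\inetpub\wwwroot" />
  <virtualDirectory path="/secure" physicalPath="\\fs01\secure"
                    userName="EXAMPLE\svc-iis" password="[placeholder]" />
 </application></site></sites></system.applicationHost>
 <system.webServer><security><authentication>
  <anonymousAuthentication enabled="true" />
  <basicAuthentication enabled="false" />
 </authentication></security></system.webServer>
 <location path="Intranet/secure"><system.webServer><security><authentication>
  <basicAuthentication enabled="true" />
 </authentication></security></system.webServer></location>
</configuration>"""

AUTH = "system.webServer/security/authentication"
MODES = ("anonymousAuthentication", "basicAuthentication", "windowsAuthentication")

def effective_auth(root, url):
    """Server-level settings overridden by each <location> at or above url."""
    scopes = [("", root)] + [(l.get("path", ""), l) for l in root.findall("location")]
    state = dict.fromkeys(MODES)  # None = not set anywhere in this file
    for path, node in sorted(scopes, key=lambda s: len(s[0])):  # deepest last
        p, u = path.lower(), url.lower()
        if p and u != p and not u.startswith(p + "/"):
            continue  # this <location> does not cover the URL
        for mode in MODES:
            el = node.find(f"{AUTH}/{mode}")
            if el is not None and el.get("enabled"):
                state[mode] = el.get("enabled").lower() == "true"
    return state

def audit(xml_text, site, vpath):
    root = ET.fromstring(xml_text)
    auth = effective_auth(root, (site + vpath).rstrip("/"))
    findings = []
    if auth["anonymousAuthentication"] and auth["basicAuthentication"]:
        findings.append("Anonymous is enabled alongside Basic")
    for vd in root.findall(f".//site[@name='{site}']//virtualDirectory"):
        if vd.get("path") == vpath and vd.get("userName"):
            # IIS opens the share as this account, not as the visitor.
            findings.append("share is accessed as " + vd.get("userName"))
    return auth, findings

if __name__ == "__main__":
    print(audit(SAMPLE, "Intranet", "/secure"))
```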
#2 Ace Fekay [MVP - Directory Services, MCT]
April 21st, 2010 - 11:45 pm ET
On Wed, 21 Apr 2010 08:54:20 +0200, "Florian Frommherz [MVP]" wrote:

> Howdie!
>
> On 20.04.2010 16:55, Chris wrote:
>> I have IIS7 set up with a directory secured using BASIC Authentication only.
>>
>> The directory is on a network share but only two Active Directory usernames
>> have NTFS permissions to this folder. One username is for the IIS entry to
>> have permission to the share. The second username is to be used
>> externally/publicly when visiting the website.
>>
>> It works great. The username can log in fine. But...
>>
>> So can all the other usernames within Active Directory. I have isolated this
>> shared folder to only allow these two usernames (both in their own security
>> groups too), yet every username in AD can log in.
>>
>> Why is this? IIS seems to be doing something odd.
>
> What else do you have enabled for authentication methods? If I remember
> correctly, when having "Anonymous" enabled, IIS would use the builtin
> account to access the resources.
>
> Cheers,
> Florian

I would also like to add, if accessing the site's URL using the
NetBIOS name of the web server, it will use the logged on user's
context for authentication, however if accessing the URL using the
FQDN, it will always prompt for credentials, that is if Anonymous is
disabled.


Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.