Posted by Jason W. on June 28, 2007, 2:17 pm
Basically, I have a website on our intranet, running on IIS 6 that I
need to completely deny access to for one security group.
Anonymous access is enabled at this time, which needs to be changed.
What would be the best configuration? Integrated or Domain
authentication (can't recall the complete name).
What is the best process and method to tackle this?
Thanks.
Posted by Jason W. on June 28, 2007, 2:33 pm
Could I just use integrated authentication, then at the NTFS level
for that folder, DENY access to that group?
Posted by on June 28, 2007, 3:18 pm
Yes. Check [x] Integrated Windows authentication and uncheck [ ]
Enable anonymous access. Set the NTFS security settings as
appropriate. Using a white list (e.g., just allowing those who need it)
might scale better than denying a single group.
Regards,
J Wolfgang Goerlich
> Could I just use integrated authentication, then at the NTFS level
> for that folder, DENY access to that group?
Posted by Jason W. on June 28, 2007, 5:05 pm
Thanks. I appreciate it.
One more question. When I select "Integrated Windows Authentication",
that will force users to supply usernames and passwords, correct? Is it
possible to NOT have the pop up for the users who need access?
Posted by on June 28, 2007, 5:24 pm
> Is it possible to NOT have the pop up for the users who need access?
Sure, if the web server and the workstation are in the same domain (or
have a trust relationship). On the workstation, add the computer to
the Local Intranet (under Tools > Internet Options > Security). Make
sure that (o) Automatic logon only in Intranet zone is defined under
the Local Intranet's security level (click [Custom level] and scroll
to the bottom.)
If you have a large environment with several web computers, I find it
easiest to use DNS and define the local Intranet to include all of it.
Say your Active Directory domain was mybiz.local, for example. I would
add http://*.mybiz.local and https://*.mybiz.local under Intranet
websites. Then push out the Intranet security settings via a group
policy. This is a bit more work up front but it scales well and saves
you work down the road.
Regards,
J Wolfgang Goerlich
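
The configuration discussed in this thread, as an added PowerShell example that is not part of any poster's reply: an explicit NTFS Deny entry on the site's content folder with a review of the resulting ACL, and a workstation-side check of the Local intranet zone settings. The folder path, the group name and the registry layout for the wildcard zone entry are assumptions; mybiz.local is the example domain from the reply above.

```powershell
# Added example. $SitePath and $DenyGroup are placeholders, not values from the thread.
$SitePath  = 'D:\Inetpub\intranet'   # assumed content folder of the IIS site
$DenyGroup = 'MYBIZ\Contractors'     # hypothetical security group to lock out

# Server: explicit Deny ACE on the content folder, inherited by subfolders and files.
function Add-DenyAce([string]$Path, [string]$Group) {
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $Group, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Deny'
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

# Server: list the ACEs and flag broad Allow grants that an allow list would replace.
function Get-AclReview([string]$Path) {
    $broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
    (Get-Acl -Path $Path).Access | Select-Object IdentityReference, AccessControlType,
        FileSystemRights, IsInherited, @{ Name = 'BroadAllow'; Expression = {
            $_.AccessControlType -eq 'Allow' -and $broad -contains $_.IdentityReference.Value } }
}

# Workstation: is the domain mapped to the Local intranet zone (zone 1), and what is the
# zone's logon mode (value 1A00; 0x20000 = automatic logon only in Intranet zone)?
# Reads the per-user settings; settings pushed by group policy may live under a Policies key.
function Test-IntranetLogon([string]$Domain = 'mybiz.local') {
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $map  = Get-ItemProperty "$base\ZoneMap\Domains\$Domain" -ErrorAction SilentlyContinue
    $zone = Get-ItemProperty "$base\Zones\1" -ErrorAction SilentlyContinue
    $mapped = $false
    if ($map) { $mapped = ($map.http -eq 1) -or ($map.https -eq 1) -or ($map.'*' -eq 1) }
    $mode = 'not set (zone default applies)'
    if ($zone -and $null -ne $zone.'1A00') { $mode = '0x{0:X}' -f $zone.'1A00' }
    New-Object PSObject | Add-Member NoteProperty Domain $Domain -PassThru |
        Add-Member NoteProperty MappedToIntranet $mapped -PassThru |
        Add-Member NoteProperty LogonMode $mode -PassThru
}

if (Test-Path $SitePath) {           # runs only where the content folder exists (web server)
    Add-DenyAce $SitePath $DenyGroup
    Get-AclReview $SitePath | Format-Table -AutoSize
}
Test-IntranetLogon                   # meaningful on a domain workstation
```

A Deny entry takes precedence over Allow entries, so a user who belongs to both the denied group and an allowed group is blocked.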