Authorization Problem... I think Group Policy the culprit
This is a discussion about Authorization Problem... I think Group Policy the culprit in the Slack Space category; I don't know when/why it happened, but it has. Nothing serious, just a tad frustrating. There are a couple places on my web site that require authorization, and now for some reason it is blocking out everybody with access.
I don't know when/why it happened, but it has. Nothing serious, just a tad frustrating. There are a couple places on my web site that require authorization, and now for some reason it is blocking out everybody with access. NTFS permissions are set correctly and so are IIS security settings. Therefore I am convinced that Policy settings are causing the trouble. My question, when you really get to the meat of it, is this...
What policy settings are required for a user/group to access a web page on a Win2k box... besides "Log on Locally"?
I don't want to go around carelessly granting policy rights to my groups/individuals. I'm off to Technet now to see if I can find the answer there... I just thought I'd slap the message up here and see if anybody knows off the top of their head.
What policy settings are required for a user/group to access a web page on a Win2k box... besides "Log on Locally"?
I don't want to go around carelessly granting policy rights to my groups/individuals. I'm off to Technet now to see if I can find the answer there... I just thought I'd slap the message up here and see if anybody knows off the top of their head.
Participate in our website and join the conversation
This subject has been archived. New comments and votes cannot be submitted.
Jan 3
Jan 4
0
2 minutes
Responses to this topic
Is the website being hosted on a member server, or a domain controller? Also, is the site configured to resolve accounts to a specific default domain (as a DC would)? Normally, for DCs, altering the "Default Domain Controller" policy is enough; simply add the user group that you want to have access to the secured portions of the site to the "Log on Locally" part of the policy is enough. Anybody have any other ideas?
OP
The IIS server is also a domain controller, yes. And the appropriate group and users have been given Log On Locally access in the Default Domain Controllers Policy snap-in.
OP
Well I fixed the problem. It's not the "recommended" way, but it worked. I reinstalled IIS on the box (uninstalled it completely first). Set up the security from scratch etc... and now all is fine. Maybe some SIDs got funkered up there somewhere.
