
iis security : Is my setup secure?


Kal525
8/27/2004 8:35:02 PM
I have a photo album on my website on which I want to restrict access to certain
personal albums. In order to do this I opened up IIS manager and disabled
anonymous access for the specific folder and created a user account, say
"User" and made it part of the Guests user group. I disabled logon locally
for this account in the local security settings and I set it so that the
password cannot be changed and it never expires. Is this secure enough or is
there a way to further limit access? What's weird is that I am still able to
access the private virtual directory with the "User" account even though the
"User" account is not part of the ACL of the physical folder. Is this
normal? Should I add it to the ACL and limit write access? Furthermore, I'm
confused as to why the internet guest account is not included in the "deny
logon locally" policy in local security settings. Is there something else
that prevents this account from logging in locally or is it just not an
apasc NO[at]SPAM online.microsoft.com
9/2/2004 5:32:31 AM
| I have a photo album on my website on which I want to restrict access to
| certain personal albums. In order to do this I opened up IIS manager and
| disabled anonymous access for the specific folder and created a user
| account, say "User" and made it part of the Guests user group. I disabled
| logon locally for this account in the local security settings and I set it
| so that the password cannot be changed and it never expires. Is this secure
| enough or is there a way to further limit access? What's weird is that I am
| still able to access the private virtual directory with the "User" account
| even though the "User" account is not part of the ACL of the physical
| folder. Is this normal? Should I add it to the ACL and limit write access?
| Furthermore, I'm confused as to why the internet guest account is not
| included in the "deny logon locally" policy in local security settings. Is
| there something else that prevents this account from logging in locally or
| is it just not an issue? Thanks in advance.
|

Hi Kal,

Check out AuthDiag, which has just been released to help you secure and test
your environment.
It is available from:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E90FE777-4A21-4066-BD22-B931F7572E9A&displaylang=en

The Internet Guest User account requires the "Log on Locally" user right as
per:
http://support.microsoft.com/default.aspx?scid=kb;en-us;184566

HTH
Andrew

This posting is provided "AS IS" with no warranties, and confers no rights
sdada
3/31/2007 3:17:09 PM
863557
