| Groups | Blog | Home |
iis security : Unable to Access Webpage -> "The user has not been granted the requested..."
that I am hosting. When they try to log they are unable to. In the event viewer I get: Logon Failure: Reason: The user has not been granted the requested logon type at this machine User Name: testuser Domain: MYDOMAIN Logon Type: 2 Logon Process: IIS Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name: SERVER21 However, if I make all 'Authenticated Users' part of the 'Administrator' group local to the machine, they are granted access and they webpage works. This is very unsecure. How do I fix it?
Hi Zack,
You will have to edit local policy. Click on Start -> Run -> gpedit.msc and click OK. Under Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment and look for "Access this computer from the network". Double click on this policy and make sure that e.g. Authenticated Users group is in this policy. You can also try and add one of your users in this policy. After this is done close the policy and try to access website using this account that you added to the policy. I hope this helps, Mike [quoted text, click to view] "Zack Schneeberger" <schneebie1@hotmail.com> wrote in message news:a2aa04c0.0409270743.5f0d3d94@posting.google.com... > I am using basic authentication to grant users access to a secure page > that I am hosting. When they try to log they are unable to. In the > event viewer I get: > > Logon Failure: > Reason: The user has not been granted the requested > logon type at this machine > User Name: testuser > Domain: MYDOMAIN > Logon Type: 2 > Logon Process: IIS > Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 > Workstation Name: SERVER21 > > > However, if I make all 'Authenticated Users' part of the > 'Administrator' group local to the machine, they are granted access > and they webpage works. This is very unsecure. How do I fix it? > > Zack
The 'Everyone' group is included in the "Access this computer from the
network" so I don't think that that is the problem. Any other ideas? Zack [quoted text, click to view] "Miha Pihler" <mihap-news@atlantis.si> wrote in message news:<uY9k$0KpEHA.2612@TK2MSFTNGP15.phx.gbl>...
> Hi Zack, > > You will have to edit local policy. Click on Start -> Run -> gpedit.msc and > click OK. > > Under Computer Configuration -> Windows Settings -> Security Settings -> > Local Policies -> User Rights Assignment and look for "Access this computer > from the network". Double click on this policy and make sure that e.g. > Authenticated Users group is in this policy. You can also try and add one of > your users in this policy. After this is done close the policy and try to > access website using this account that you added to the policy. > > I hope this helps, > > Mike > > "Zack Schneeberger" <schneebie1@hotmail.com> wrote in message > news:a2aa04c0.0409270743.5f0d3d94@posting.google.com... > > I am using basic authentication to grant users access to a secure page > > that I am hosting. When they try to log they are unable to. In the > > event viewer I get: > > > > Logon Failure: > > Reason: The user has not been granted the requested > > logon type at this machine > > User Name: testuser > > Domain: MYDOMAIN > > Logon Type: 2 > > Logon Process: IIS > > Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 > > Workstation Name: SERVER21 > > > > > > However, if I make all 'Authenticated Users' part of the > > 'Administrator' group local to the machine, they are granted access > > and they webpage works. This is very unsecure. How do I fix it? > >
Check that e.g. everyone or accounts used are not in e.g. Deny access to
this computer from the network. Deny will override allow policy. Mike [quoted text, click to view] "Zack Schneeberger" <schneebie1@hotmail.com> wrote in message news:a2aa04c0.0409280927.51c477d7@posting.google.com... > The 'Everyone' group is included in the "Access this computer from the > network" so I don't think that that is the problem. Any other ideas? > > Zack > > "Miha Pihler" <mihap-news@atlantis.si> wrote in message news:<uY9k$0KpEHA.2612@TK2MSFTNGP15.phx.gbl>... > > Hi Zack, > > > > You will have to edit local policy. Click on Start -> Run -> gpedit.msc and > > click OK. > > > > Under Computer Configuration -> Windows Settings -> Security Settings -> > > Local Policies -> User Rights Assignment and look for "Access this computer > > from the network". Double click on this policy and make sure that e.g. > > Authenticated Users group is in this policy. You can also try and add one of > > your users in this policy. After this is done close the policy and try to > > access website using this account that you added to the policy. > > > > I hope this helps, > > > > Mike > > > > "Zack Schneeberger" <schneebie1@hotmail.com> wrote in message > > news:a2aa04c0.0409270743.5f0d3d94@posting.google.com... > > > I am using basic authentication to grant users access to a secure page > > > that I am hosting. When they try to log they are unable to. In the > > > event viewer I get: > > > > > > Logon Failure: > > > Reason: The user has not been granted the requested > > > logon type at this machine > > > User Name: testuser > > > Domain: MYDOMAIN > > > Logon Type: 2 > > > Logon Process: IIS > > > Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 > > > Workstation Name: SERVER21 > > > > > > > > > However, if I make all 'Authenticated Users' part of the > > > 'Administrator' group local to the machine, they are granted access > > > and they webpage works. This is very unsecure. How do I fix it? > > > > > > Zack
Mike - I appreciate your help but there are no accounts in the "Deny
access to this computer from the network." This is really stumping me. Any other ideas? What is the difference between 'Log on Locally' and 'Access this computer from the network?' Zack [quoted text, click to view] "Miha Pihler" <mihap-news@atlantis.si> wrote in message news:<unAwWSZpEHA.4008@TK2MSFTNGP14.phx.gbl>...
> Check that e.g. everyone or accounts used are not in e.g. Deny access to > this computer from the network. Deny will override allow policy. > > Mike > > "Zack Schneeberger" <schneebie1@hotmail.com> wrote in message > news:a2aa04c0.0409280927.51c477d7@posting.google.com... > > The 'Everyone' group is included in the "Access this computer from the > > network" so I don't think that that is the problem. Any other ideas? > > > > Zack > > > > "Miha Pihler" <mihap-news@atlantis.si> wrote in message > news:<uY9k$0KpEHA.2612@TK2MSFTNGP15.phx.gbl>... > > > Hi Zack, > > > > > > You will have to edit local policy. Click on Start -> Run -> gpedit.msc > and > > > click OK. > > > > > > Under Computer Configuration -> Windows Settings -> Security Settings -> > > > Local Policies -> User Rights Assignment and look for "Access this > computer > > > from the network". Double click on this policy and make sure that e.g. > > > Authenticated Users group is in this policy. You can also try and add > one of > > > your users in this policy. After this is done close the policy and try > to > > > access website using this account that you added to the policy. > > > > > > I hope this helps, > > > > > > Mike > > > > > > "Zack Schneeberger" <schneebie1@hotmail.com> wrote in message > > > news:a2aa04c0.0409270743.5f0d3d94@posting.google.com... > > > > I am using basic authentication to grant users access to a secure page > > > > that I am hosting. When they try to log they are unable to. In the > > > > event viewer I get: > > > > > > > > Logon Failure: > > > > Reason: The user has not been granted the requested > > > > logon type at this machine > > > > User Name: testuser > > > > Domain: MYDOMAIN > > > > Logon Type: 2 > > > > Logon Process: IIS > > > > Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 > > > > Workstation Name: SERVER21 > > > > > > > > > > > > However, if I make all 'Authenticated Users' part of the > > > > 'Administrator' group local to the machine, they are granted access > > > > and they webpage works. This is very unsecure. How do I fix it? > > > >
Logon Locally policy will allow user to log in when behind the computer
while access this computer from the network will only allow users to e.g. access shares but will not allow users to e.g. logon to the server... If you use domain authentication try like this. Under username enter: domain_name\username where domain_name is NetBIOS name of your domain and username is user account created in your domain. Mike [quoted text, click to view] "Zack Schneeberger" <schneebie1@hotmail.com> wrote in message news:a2aa04c0.0409290926.480d7e90@posting.google.com... > Mike - I appreciate your help but there are no accounts in the "Deny > access to > this computer from the network." This is really stumping me. Any other > ideas? > > What is the difference between 'Log on Locally' and 'Access this > computer from the network?' > > Zack > "Miha Pihler" <mihap-news@atlantis.si> wrote in message news:<unAwWSZpEHA.4008@TK2MSFTNGP14.phx.gbl>... > > Check that e.g. everyone or accounts used are not in e.g. Deny access to > > this computer from the network. Deny will override allow policy. > > > > Mike > > > > "Zack Schneeberger" <schneebie1@hotmail.com> wrote in message > > news:a2aa04c0.0409280927.51c477d7@posting.google.com... > > > The 'Everyone' group is included in the "Access this computer from the > > > network" so I don't think that that is the problem. Any other ideas? > > > > > > Zack > > > > > > "Miha Pihler" <mihap-news@atlantis.si> wrote in message > > news:<uY9k$0KpEHA.2612@TK2MSFTNGP15.phx.gbl>... > > > > Hi Zack, > > > > > > > > You will have to edit local policy. Click on Start -> Run -> gpedit.msc > > and > > > > click OK. > > > > > > > > Under Computer Configuration -> Windows Settings -> Security Settings -> > > > > Local Policies -> User Rights Assignment and look for "Access this > > computer > > > > from the network". Double click on this policy and make sure that e.g. > > > > Authenticated Users group is in this policy. You can also try and add > > one of > > > > your users in this policy. After this is done close the policy and try > > to > > > > access website using this account that you added to the policy. > > > > > > > > I hope this helps, > > > > > > > > Mike > > > > > > > > "Zack Schneeberger" <schneebie1@hotmail.com> wrote in message > > > > news:a2aa04c0.0409270743.5f0d3d94@posting.google.com... > > > > > I am using basic authentication to grant users access to a secure page > > > > > that I am hosting. When they try to log they are unable to. In the > > > > > event viewer I get: > > > > > > > > > > Logon Failure: > > > > > Reason: The user has not been granted the requested > > > > > logon type at this machine > > > > > User Name: testuser > > > > > Domain: MYDOMAIN > > > > > Logon Type: 2 > > > > > Logon Process: IIS > > > > > Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 > > > > > Workstation Name: SERVER21 > > > > > > > > > > > > > > > However, if I make all 'Authenticated Users' part of the > > > > > 'Administrator' group local to the machine, they are granted access > > > > > and they webpage works. This is very unsecure. How do I fix it? > > > > > > > > > > Zack
Hello
Logon type 2 is Interactive. This means that the user is missing the Log on Locally privilege. Users who must authenticate successfully with Basic authentication require this privilege. Make sure these users (or the groups they belong to) are not listed under the Deny Log on Locally privilege. Hope this helps, Yogita Manghnani Microsoft Developer Support Internet Information Server ********************************************************************* [quoted text, click to view] >>Please do not send email directly to this alias. This is an online account name for newsgroup participation only.<<This posting is provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use. © 2003 Microsoft Corporation. All rights reserved. *********************************************************************
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |