iis security: I am pulling out my hair (which is hard because I shave my head!). I am
relatively new to AD and IIS....still trying to learn. I have several texts
on the subjects but can't seem to get the answer I need.
My first server on my home network was a W2K server. I use DSL with a
static IP as an internet connection. Two year ago I wanted to learn AD, I
bought an OEM copy of SBS 2003 with Exchange which runs fine. I am still
running AD.
I took out the W2K server to try a linux box. Well.....a year has passed
and now I decided to learn ASP.NET. So I got out my W2K box...took down the
linux box (temporarily) and got myself a copy of Visual Studio 2005. I got
my new site up and running but can only access it internally....which is not
what I want.
I think the problem is AD and group policies but I have looked at them for
the past 3 months and cant see anything. So in an effort to solved the
problem, I reformatted the W2K machine (and also to combine partitions) and
re-joined the domain and reinstalled ASP.NET 2.0 and the website and put the
server in the DMZ but the outside world still cannot access the website.
I do have anon. access enabled and the account is IUSR_SERVERNAME and the
"Let IIS Control the password" is checked. Integrated Windows Authenication
is also checked. Prevously I tried changing the IUSR_SERVERNAME to
DOMAIN\IUSR_SERVERNAME but it didn't work. Also if I changed the anon.
account to DOMAIN\IUSR_SERVERNAME checking the "Let IIS control the password"
cant be checked because it isn't a local account. I checked the "log on
locally" security option but I can't find IUSR_SERVERNAME so I can't add it.
The web server is stopping because IUSR_SERVERNAME does not have the
approipiate rights......but changing things in the past didn't work so I am
reluctant until I have an idea of what I should be doing. I also unchecked
"Integrated Windows Authenication" and wasn't able to access the website from
my workstation...so I rechecked that box. Should I be using the
DOMAIN\IUSR_SERVERNAME account or have I totally missed something? Should
that "Let IIS control the password box be checked? This is driving me crazy!
All I want to do is allow public access and still have access over the

On Thu, 29 Dec 2005 11:45:03 -0800, Shadow
[quoted text, click to view]

MHO, This is a major clue. You do not have public access to the
webserver, even internally. The only reason it is working is that your
logon credentials are getting you access to the server. When you shut
off integrated authentication it does not access the MSIE passed
credentials and you get denied. I'd make a wild guess that Netscape
cannot access the server wither even from the same machine where MSIE
works.

You need to fix that problem and get internal public access working.