
iis security : Setting up IIS 5 basic authentication properly


Martijn
2/25/2005 10:36:06 AM
The Digest and Windows authentication of IIS 5 (Win2k) delivered some
problems:
- Mozilla did not work with the Digest Authentication method
- Windows authentication is not working in combination with some
networks/firewalls etc.
So I want to switch to the basic authentication method.

Now I have set up a test site on the Win 2000 server "server01"
- port 8080
- files in wwwroot2 directory
- created user test – is a member of the webusers group
- webusers had file access to wwwroot2
- turned IIS authentication to basic; other methods are disabled

Now the test:

- Using IE6, I go to http://server01:8080
- Login with test --> no access
- Add test to the administrators group --> OK, access
- Removing the membership “administrators”
- Closing IE6
- Opening IE6 and login --> still access for user test!
- Restarting server01 --> OK, now test has no access to the test site
- Following this article to give the webusers group local logon rights:
http://support.microsoft.com/kb/220609/EN-US/
- Closing IE6
- Opening IE6 and login --> still NO access for user test
- Check group policy --> the webusers group has local logon rights in
the group policy, but the effective rights are turned off (Administrators
do have an enabled effective policy here)
- Using the “AD console” to set the local logon rights in the domain policy:

1) run Active Directory Users and Computers
2) get properties of the domain (right click on domain "domain1.lan")
3) click Group Policy tab
4) Editing the default domain policy
5) Log on locally was empty --> added the webusers group
6) AD console closed

- running CMD file with the commands:

secedit /refreshpolicy user_policy
secedit /refreshpolicy machine_policy

- Checked group policy --> the webusers group has local logon rights in
the group policy, but the effective rights are still turned off
(Administrators do have an enabled effective policy here)
- Restarting server01
- Checked the policy again --> still not effective & user test still had
no access to http://server01:8080

What is the right way to let basic authentication work properly? Any
suggestions?

Regards,
Martijn
2/25/2005 10:54:14 AM
I have solved the problem. It had something to do with the policy of the
domain controller (also server01).

I found the article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;200475

I had to set the rights in the dom controller policy:

"To configure the Log on locally right on a domain controller, follow
these steps:
1. In MMC, open the Default Domain Controllers Policy snap-in. To do
this, follow these steps:
a. Click Start, type MMC, and then click OK.
b. Click Console, click Add/Remove Snap-in, and then click Add.
c. Select Group Policy, and then click Add.
d. Click Browse.
e. Double-click the domain controller for the domain.
f. Double-click Default Domain Controllers Policy, and then click Finish.
g. Click Close, and then click OK.
2. Grant users or groups the Log on locally right. To do this, follow
these steps:
a. Expand the following path in the MMC:
Default Domain Controllers Policy\Computer Configuration\Windows
Settings\Security Settings\Local Policies\User Rights Assignment
b. Double-click Log on Locally.
c. Add any users or groups that will use Basic/Clear Text authentication.
3. Open a command prompt, type secedit /refreshpolicy machine_policy,
and then close the command prompt to refresh the policy.
"
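
A way to check the result of the steps above offline, as an added example that is not part of the original posts or of the Microsoft article: it parses the user-rights section of an exported security template and reports whether an account's SIDs hold "Log on locally", the right the quoted article grants to accounts using Basic authentication. The SIDs, sample exports and function names are constructed for illustration; `SeInteractiveLogonRight` and `SeDenyInteractiveLogonRight` are the Windows constants behind "Log on locally" and "Deny logon locally".

```python
import configparser

ALLOW = "SeInteractiveLogonRight"      # "Log on locally"
DENY = "SeDenyInteractiveLogonRight"   # "Deny logon locally" (wins over ALLOW)

# Constructed SIDs: S-1-5-32-544 is built-in Administrators; the -1105 SID
# stands in for the thread's "webusers" group.
ADMINS = "S-1-5-32-544"
WEBUSERS = "S-1-5-21-1111111111-2222222222-3333333333-1105"

# Constructed exports shaped like a security template's user-rights section.
BEFORE = f"""[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*{ADMINS}
SeInteractiveLogonRight = *{ADMINS}
[Version]
signature="$CHICAGO$"
Revision=1
"""
AFTER = BEFORE.replace(f"SeInteractiveLogonRight = *{ADMINS}",
                       f"SeInteractiveLogonRight = *{ADMINS},*{WEBUSERS}")


def holders(inf_text, right):
    """Return the principals (SIDs or names, lower-cased) listed for a right."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the case of right names
    cp.read_string(inf_text)
    raw = cp.get("Privilege Rights", right, fallback="")
    return {p.strip().lstrip("*").lower() for p in raw.split(",") if p.strip()}


def can_log_on_locally(inf_text, token_principals):
    """token_principals: the account's own SID/name plus those of its groups."""
    token = {p.lstrip("*").lower() for p in token_principals}
    if token & holders(inf_text, DENY):
        return False  # an explicit deny overrides any grant
    return bool(token & holders(inf_text, ALLOW))


def load_export(path):
    """Read an export from disk; assumes the usual UTF-16 encoding with BOM."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()


if __name__ == "__main__":
    for label, inf in (("before", BEFORE), ("after", AFTER)):
        print(label, can_log_on_locally(inf, [WEBUSERS]))
```

Passing the account's own SID together with the SIDs of all its groups reproduces the thread's observation that membership of Administrators alone was enough to get access.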
