"Carl Hilton" <someone@microsoft.com> wrote in message
news:ewSAGBvlGHA.3588@TK2MSFTNGP02.phx.gbl...
> OK, I thought I had tackled this before a while a ago but forgot what I
> did...
>
> I am running IIS6 on a W2K3 server. for most of my site I have Anonymous
> access authorized. I have one file that I want to use the local system
> ACLs to authenticate with... I have turned off Anonymous access, I have
> Integrated Authentication turned on. I have removed IUSR_XXXX from the
> local ACL's. If I use my IE to access the file, the audit log shows a
> failure for IUSR vice the actual user....
>
> This is on an internal INTRANET,
>
> How can I tweak the system so that the actual user's credintials are used
> to verify file permissions.
>
> Thansk
> Carl
>
>

"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
news:eE3PNA1lGHA.3732@TK2MSFTNGP05.phx.gbl...
> OK, so I must be missing something, or just do not get
> what "vice the actual user . . . " means.
> So, what you have done is not effecting what you want?
> You did ACL the restricted part with a grant to the account(s)
> that should have access ? Ideally this is with a group from
> the domain that is also either in the IIS's Users group or is
> granted network logon user right.
>
> --
> Roger Abell
> Microsoft MVP (Windows Server : Security)
>
> "Carl Hilton" <someone@microsoft.com> wrote in message
> news:ewSAGBvlGHA.3588@TK2MSFTNGP02.phx.gbl...
>> OK, I thought I had tackled this before a while a ago but forgot what I
>> did...
>>
>> I am running IIS6 on a W2K3 server. for most of my site I have Anonymous
>> access authorized. I have one file that I want to use the local system
>> ACLs to authenticate with... I have turned off Anonymous access, I have
>> Integrated Authentication turned on. I have removed IUSR_XXXX from the
>> local ACL's. If I use my IE to access the file, the audit log shows a
>> failure for IUSR vice the actual user....
>>
>> This is on an internal INTRANET,
>>
>> How can I tweak the system so that the actual user's credintials are used
>> to verify file permissions.
>>
>> Thansk
>> Carl
>>
>>
>
>

"Carl Hilton" <someone@microsoft.com> wrote in message
news:%23TOWVZRmGHA.4696@TK2MSFTNGP05.phx.gbl...
>I have, granted permissions to this file to domain users. I had thought
>that if ANONYMOUS access is turned off in IIS for an object and I
>authenticated using INTEGRATED WINDOWS AUTHENTICATION, then the users
>credentials would be passed to the object prior to access.
>

>
> "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
> news:eE3PNA1lGHA.3732@TK2MSFTNGP05.phx.gbl...
>> OK, so I must be missing something, or just do not get
>> what "vice the actual user . . . " means.
>> So, what you have done is not effecting what you want?
>> You did ACL the restricted part with a grant to the account(s)
>> that should have access ? Ideally this is with a group from
>> the domain that is also either in the IIS's Users group or is
>> granted network logon user right.
>>
>> --
>> Roger Abell
>> Microsoft MVP (Windows Server : Security)
>>
>> "Carl Hilton" <someone@microsoft.com> wrote in message
>> news:ewSAGBvlGHA.3588@TK2MSFTNGP02.phx.gbl...
>>> OK, I thought I had tackled this before a while a ago but forgot what I
>>> did...
>>>
>>> I am running IIS6 on a W2K3 server. for most of my site I have Anonymous
>>> access authorized. I have one file that I want to use the local system
>>> ACLs to authenticate with... I have turned off Anonymous access, I have
>>> Integrated Authentication turned on. I have removed IUSR_XXXX from the
>>> local ACL's. If I use my IE to access the file, the audit log shows a
>>> failure for IUSR vice the actual user....
>>>
>>> This is on an internal INTRANET,
>>>
>>> How can I tweak the system so that the actual user's credintials are
>>> used to verify file permissions.
>>>
>>> Thansk
>>> Carl
>>>
>>>
>>
>>
>
>