all groups > iis security > august 2007 >
Okay I am not sure why I can't figure this out, but it has been a long time since I had to set up any users for FrontPage authoring of web sites. I have a web site running in IIS 6.0 on a Windows 2003 Server. I have configured the Server Extensions 2002 for the site and can log in remotely via FrontPage as administrator, or anyone in the administrators group. When I create a new user in the Active Directory and set the permissions on the site for them in IIS, I cannot log in via FrontPage. Am I missing something here? Thanks,
The domain accounts need permissions on the content (which the FPSE '02 probably generously over allotted) and log on rights to the machine (what groups have local login, and what domain groups are in them?).

"Marty Shifflett" <MartyShifflett@discussions.microsoft.com> wrote in message news:B49BBA92-B2DD-4806-8AB4-79930D1C649B@microsoft.com...
> Okay I am not sure why I can't figure this out, but it has been a long time
> since I had to set up any users for FrontPage authoring of web sites. I have
> a web site running in IIS 6.0 on a Windows 2003 Server. I have configured
> the Server Extensions 2002 for the site and can log in remotely via FrontPage
> as administrator, or anyone in the administrators group. When I create a new
> user in the Active Directory and set the permissions on the site for them in
> IIS, I cannot log in via FrontPage. Am I missing something here?
>
> Thanks,
> Marty Shifflett
Ahhh, that's right. They have to have log on locally rights to the machine before they can log in to the web site via FrontPage. I will set up a new group just for that purpose and give it that right. That should take care of it, correct?

"Roger Abell [MVP]" wrote:
> The domain accounts need permissions on the content (which the
> FPSE '02 probably generously over allotted) and log on rights to
> the machine (what groups have local login, and what domain
> groups are in them?).
I created a new global security group called "Web Authors" and put the user in question in that group. I went in and edited the Default Domain Controllers Policy and added that new group to the "Allow log on locally" policy in the User Rights Assignment section. I still cannot log on via FrontPage as that user. Any ideas?

"Roger Abell [MVP]" wrote:
> The domain accounts need permissions on the content (which the
> FPSE '02 probably generously over allotted) and log on rights to
> the machine (what groups have local login, and what domain
> groups are in them?).
This IIS instance is on a domain controller ??
What do you show in the security event log for the failure ?
(I am assuming that viewing the FPSE grants in the Sharepoint admin page it looks correct).

"Marty Shifflett" <MartyShifflett@discussions.microsoft.com> wrote in message news:4C204538-31CA-4A85-8337-0F82D0A673D8@microsoft.com...
> I created a new global security group called "Web Authors" and put the user
> in question in that group. I went in and edited the Default Domain
> Controllers Policy and added that new group to the "Allow log on locally"
> policy in the User Rights Assignment section. I still cannot log on via
> FrontPage as that user. Any ideas?
I get an event 680 logon attempt, then an event 540 successful logon, and then an event 538 user logoff.

The login box then comes back and asks for credentials again.

"Roger Abell [MVP]" wrote:
> This IIS instance is on a domain controller ??
> What do you show in the security event log for the failure ?
> (I am assuming that viewing the FPSE grants in the Sharepoint
> admin page it looks correct).
Yes it is running on a domain controller. The only other box that I could put it on right now that isn't a DC would be the Exchange server.

"Roger Abell [MVP]" wrote:
> This IIS instance is on a domain controller ??
> What do you show in the security event log for the failure ?
> (I am assuming that viewing the FPSE grants in the Sharepoint
> admin page it looks correct).
Well, that makes it sound like the NTFS permissions are not correct on the content as the account is logging in, or perhaps the _vti_bin virtual directory is not defined for the web.

You could address that via use of the FPSE check/fix option, by placing an audit for Everyone Full Fail on the content and see what shows up in the event log, and/or by looking in the IIS webserver log.

Roger

"Marty Shifflett" <MartyShifflett@discussions.microsoft.com> wrote in message news:29CD4B1A-C99E-4254-8C06-080F57E06E15@microsoft.com...
> I get an event 680 logon attempt, then an event 540 successful logon, and
> then an event 538 user logoff.
>
> The login box then comes back and asks for credentials again.
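
Added example, not part of any post in this thread: one way to carry out the "look in the IIS webserver log" step is to tally 401 responses under `/_vti_bin/` by user and sub-status, since a 401.3 logged against a named account means authentication succeeded and the resource ACL refused the request. The log lines, the `EXAMPLE\jdoe` account and the function names are constructed for illustration; the sub-status meanings are the standard IIS 401.x codes.

```python
from collections import Counter

# Standard IIS 401 sub-status codes, logged in the sc-substatus field.
SUBSTATUS = {
    "1": "Logon failed",
    "2": "Logon failed due to server configuration",
    "3": "Unauthorized due to ACL on resource",
    "4": "Authorization failed by filter",
    "5": "Authorization failed by ISAPI/CGI application",
}

# Constructed sample (not from the thread); EXAMPLE\jdoe is a made-up account.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus
2007-08-01 14:02:10 POST /_vti_bin/shtml.dll/_vti_rpc - 192.0.2.10 200 0
2007-08-01 14:02:11 POST /_vti_bin/_vti_aut/author.dll - 192.0.2.10 401 2
2007-08-01 14:02:11 POST /_vti_bin/_vti_aut/author.dll EXAMPLE\jdoe 192.0.2.10 401 3
2007-08-01 14:02:19 POST /_vti_bin/_vti_aut/author.dll EXAMPLE\jdoe 192.0.2.10 401 3
2007-08-01 14:03:40 GET /default.htm - 192.0.2.10 200 0
"""

def parse_w3c(text):
    """Yield one dict per request, named by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or pre-header lines
                yield dict(zip(fields, values))

def authoring_denials(text, prefix="/_vti_bin/"):
    """Count 401 responses under the FPSE path per (user, sub-status)."""
    counts = Counter()
    for req in parse_w3c(text):
        stem = req.get("cs-uri-stem", "").lower()
        if req.get("sc-status") == "401" and stem.startswith(prefix):
            counts[(req.get("cs-username", "-"), req.get("sc-substatus", "?"))] += 1
    return counts

def diagnose(text):
    """401.3 for a named user: authentication worked, the file ACL refused."""
    return [f"{user}: {n} x 401.{sub} ({SUBSTATUS.get(sub, 'unknown')})"
            for (user, sub), n in sorted(authoring_denials(text).items())]

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE_LOG)))
```

A single anonymous 401.2 at the start of a session is the normal authentication challenge; repeated 401.3 entries for the same account are the pattern that matches a successful logon followed by a re-prompt.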
I will try that and see what happens.

"Roger Abell [MVP]" wrote:
> Well, that makes it sound like the NTFS permissions are not
> correct on the content as the account is logging in, or perhaps
> the _vti_bin virtual directory is not defined for the web.
>
> You could address that via use of the FPSE check/fix option,
> by placing an audit for Everyone Full Fail on the content and
> see what shows up in the event log, and/or by looking in the
> IIS webserver log.
>
> Roger