473,560 Members | 2,814 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

IIS 5 - GetObject fails with "Restrict Anonymous" enabled on Domain Controllers

I have a developer here with a website running with only "Windows
Integrated Authentication" set on a Windows 2000 member server that
uses GetObject to get a user's group membership in the domain. This is
the code she's using:

set adsUser = getobject("WinN T://" & strUsername)
for each group in adsUser.groups
GrpList = GrpList & lcase(trim(grou p.name)) & ";"
next
Apparently, our Windows 2000 DCs did NOT have the "Restrict Anonymous"
security option enabled, and this code was able to successfully get
data. We recently upgraded the domain controllers to Windows 2003
Server which by default has "Restrict Anonymous" enabled - it's called
"Network Access: Let Everyone permissions apply to anonymous users" in
the security options - it isn't defined by default which means that
"Everyone" permissions do not apply to anonymous users.

This caused the code to break - it wasn't able to get the group
membership info after we upgraded the DCs to Windows 20003 Server.
After re-enabling the option I mentioned above to not "Restrict
Anonymous" on all the DCs her code works again.

My question is: How can I keep the "Network Access: Let Everyone
permissions apply to anonymous users" feature disabled and have her
code still work. Is there some other setting I need to set in IIS?

Any advice is appreciated.

Thanks.
Jul 19 '05 #1
2 4795
You could turn on the Windows authentication on the IIS server, and assuming
the user is within the Intranet, and has permissions to instantiate the
object, the code should work.

--
Manohar Kamath
Editor, .netBooks
www.dotnetbooks.com
"Gerry" <sy****@yahoo.c om> wrote in message
news:4d******** *************** ***@posting.goo gle.com...
I have a developer here with a website running with only "Windows
Integrated Authentication" set on a Windows 2000 member server that
uses GetObject to get a user's group membership in the domain. This is
the code she's using:

set adsUser = getobject("WinN T://" & strUsername)
for each group in adsUser.groups
GrpList = GrpList & lcase(trim(grou p.name)) & ";"
next
Apparently, our Windows 2000 DCs did NOT have the "Restrict Anonymous"
security option enabled, and this code was able to successfully get
data. We recently upgraded the domain controllers to Windows 2003
Server which by default has "Restrict Anonymous" enabled - it's called
"Network Access: Let Everyone permissions apply to anonymous users" in
the security options - it isn't defined by default which means that
"Everyone" permissions do not apply to anonymous users.

This caused the code to break - it wasn't able to get the group
membership info after we upgraded the DCs to Windows 20003 Server.
After re-enabling the option I mentioned above to not "Restrict
Anonymous" on all the DCs her code works again.

My question is: How can I keep the "Network Access: Let Everyone
permissions apply to anonymous users" feature disabled and have her
code still work. Is there some other setting I need to set in IIS?

Any advice is appreciated.

Thanks.

Jul 19 '05 #2
Thanks for your reply.

We've had Windows authentication enabled as the only authentication
mechanism (i.e. Basic and Digest are not enabled) for this virtual
server and folders.

IIS 5 (IIS Admin service and World Wide Web service) runs using
"LocalSyste m" so I believe that is the user that runs ASP code. Perhaps
I could have those services run using a domain account, but then that
would probably cause other security concerns, and probably wouldn't work
anyway as IIS seems to want to use the "NULL" user to pass this query to
the Domain Controllers.


Manohar Kamath [MVP] wrote:
You could turn on the Windows authentication on the IIS server, and assuming
the user is within the Intranet, and has permissions to instantiate the
object, the code should work.


Jul 19 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
5054
by: CM | last post by:
Hi, There: I am working on a commercial ASP web application which use MS Access 2000 as database. When configuring the database access, I got an error saying that this database is a read-only database. I checked the database property, it shows that this database is archive, not read only (The database property is found by:open database and...
0
1207
by: Perttu Pulkkinen | last post by:
Is there some way to restrict in mysql that certan field has only ONE ROW with CERTAIN VALUE X while other rows can have any values but not this one(so "unique" is not the answer..)? This can be of course done in application level, but it would just be nice to know. I would build my application so that only one user can be superadmin, while...
36
16337
by: Thomas | last post by:
after spending countless hours trying, i give up and hope to get some help in here. on server1 i got the web myweb.com with my test.asp. in the test.asp, i'm trying to read a file from an UNC path with a FSO: Set myFile = Server.CreateObject("Scripting.FileSystemObject").GetFile("\\server2\myshare\myfile.txt") this fails with an Permission...
2
2621
by: Frederick Gotham | last post by:
I'm going to be using an acronym a lot in this post: IINM = If I'm not mistaken Let's say we've got translation units which are going to be compiled to object files, and that these object files will be supplied to people to link with their own projects. Here's a sample function in one of the object files: void Func(int const *const p) {
0
1565
by: kanu | last post by:
Hi, We have moved our domain controllers from win2K to win3K. The script below doesnt work at all now because by default Win3K disables "Network access: Let Everyone permissions apply to anonymous users" GetObject("WinNT://domain/domainController/username,user") We are using GetObject to get the user groups, so as to restrict them to...
3
5853
by: aydeejay | last post by:
I'm trying to troubleshoot an issue where users are not able to bind with LDAP via "GetObject" through our ASP Classic Intranet if they stay logged in overnight (beyond their allowed login hours). The problem does not occur when performing the same bindings using a logon script. So, the user logs in, is able to perform queries all day, and...
6
2365
by: rainy6144 | last post by:
Does the following code have defined behavior? double *new_array(unsigned n) { double *p = malloc(n * sizeof(double)); unsigned i; for (i = 0; i < n; i++) p = 0.0; return p; }
7
1968
by: jayakrishnanav | last post by:
Hi , Is it possible to restrict "pasting" any data in a text box,through keyboard(Ctrl-p) and through mouse??Can anybody help in dis WarmRegards jk
4
2734
by: Peter | last post by:
Hi I've been delving into "delegates" and "anonymous methods", and now I've come across the term "closure". Some information I've found says that C# does not have closures, other information says that C# does have closures. My problem is I can't quite grasp what "closures" are. The examples I have seen seem to be "anonymous methods"....
0
8063
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
1
7595
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
7916
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
1
5458
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
5175
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3605
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3584
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
2046
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
0
874
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.