I have a developer here with a website running with only "Windows
Integrated Authentication" set on a Windows 2000 member server that
uses GetObject to get a user's group membership in the domain. This is
the code she's using:
set adsUser = getobject("WinN T://" & strUsername)
for each group in adsUser.groups
GrpList = GrpList & lcase(trim(grou p.name)) & ";"
next
Apparently, our Windows 2000 DCs did NOT have the "Restrict Anonymous"
security option enabled, and this code was able to successfully get
data. We recently upgraded the domain controllers to Windows 2003
Server which by default has "Restrict Anonymous" enabled - it's called
"Network Access: Let Everyone permissions apply to anonymous users" in
the security options - it isn't defined by default which means that
"Everyone" permissions do not apply to anonymous users.
This caused the code to break - it wasn't able to get the group
membership info after we upgraded the DCs to Windows 20003 Server.
After re-enabling the option I mentioned above to not "Restrict
Anonymous" on all the DCs her code works again.
My question is: How can I keep the "Network Access: Let Everyone
permissions apply to anonymous users" feature disabled and have her
code still work. Is there some other setting I need to set in IIS?
Any advice is appreciated.
Thanks. 2 4811
You could turn on the Windows authentication on the IIS server, and assuming
the user is within the Intranet, and has permissions to instantiate the
object, the code should work.
--
Manohar Kamath
Editor, .netBooks www.dotnetbooks.com
"Gerry" <sy****@yahoo.c om> wrote in message
news:4d******** *************** ***@posting.goo gle.com... I have a developer here with a website running with only "Windows Integrated Authentication" set on a Windows 2000 member server that uses GetObject to get a user's group membership in the domain. This is the code she's using:
set adsUser = getobject("WinN T://" & strUsername) for each group in adsUser.groups GrpList = GrpList & lcase(trim(grou p.name)) & ";" next
Apparently, our Windows 2000 DCs did NOT have the "Restrict Anonymous" security option enabled, and this code was able to successfully get data. We recently upgraded the domain controllers to Windows 2003 Server which by default has "Restrict Anonymous" enabled - it's called "Network Access: Let Everyone permissions apply to anonymous users" in the security options - it isn't defined by default which means that "Everyone" permissions do not apply to anonymous users.
This caused the code to break - it wasn't able to get the group membership info after we upgraded the DCs to Windows 20003 Server. After re-enabling the option I mentioned above to not "Restrict Anonymous" on all the DCs her code works again.
My question is: How can I keep the "Network Access: Let Everyone permissions apply to anonymous users" feature disabled and have her code still work. Is there some other setting I need to set in IIS?
Any advice is appreciated.
Thanks.
Thanks for your reply.
We've had Windows authentication enabled as the only authentication
mechanism (i.e. Basic and Digest are not enabled) for this virtual
server and folders.
IIS 5 (IIS Admin service and World Wide Web service) runs using
"LocalSyste m" so I believe that is the user that runs ASP code. Perhaps
I could have those services run using a domain account, but then that
would probably cause other security concerns, and probably wouldn't work
anyway as IIS seems to want to use the "NULL" user to pass this query to
the Domain Controllers.
Manohar Kamath [MVP] wrote: You could turn on the Windows authentication on the IIS server, and assuming the user is within the Intranet, and has permissions to instantiate the object, the code should work. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: CM |
last post by:
Hi, There:
I am working on a commercial ASP web application which use MS Access 2000 as
database.
When configuring the database access, I got an error saying that this
database is a read-only database. I checked the database property, it shows
that this database is archive, not read only (The database property is found
by:open database and then File -> Database properties -> on the General tag.
there is no way to change these property,...
|
by: Perttu Pulkkinen |
last post by:
Is there some way to restrict in mysql that certan field has only ONE ROW
with CERTAIN VALUE X while other rows can have any values but not this
one(so "unique" is not the answer..)?
This can be of course done in application level, but it would just be nice
to know. I would build my application so that only one user can be
superadmin, while others are normal admins or something else.
Of course this restriction would not be enough...
|
by: Thomas |
last post by:
after spending countless hours trying, i give up and hope to get some help
in here.
on server1 i got the web myweb.com with my test.asp. in the test.asp, i'm
trying to read a file from an UNC path with a FSO:
Set myFile =
Server.CreateObject("Scripting.FileSystemObject").GetFile("\\server2\myshare\myfile.txt")
this fails with an Permission Denied.
here's the deal:
|
by: Frederick Gotham |
last post by:
I'm going to be using an acronym a lot in this post:
IINM = If I'm not mistaken
Let's say we've got translation units which are going to be compiled to
object files, and that these object files will be supplied to people to link
with their own projects. Here's a sample function in one of the object files:
void Func(int const *const p)
{
|
by: kanu |
last post by:
Hi,
We have moved our domain controllers from win2K to win3K.
The script below doesnt work at all now because by default Win3K disables "Network access: Let Everyone permissions apply to anonymous users"
GetObject("WinNT://domain/domainController/username,user")
We are using GetObject to get the user groups, so as to restrict them to certain parts of the website.
It still works with one of the old DC's which is win2K.
| |
by: aydeejay |
last post by:
I'm trying to troubleshoot an issue where users are not able to bind
with LDAP via "GetObject" through our ASP Classic Intranet if they
stay logged in overnight (beyond their allowed login hours). The
problem does not occur when performing the same bindings using a logon
script.
So, the user logs in, is able to perform queries all day, and then
fails to log out at the end of the day. We'd prefer that they did log
out nightly, but it...
|
by: rainy6144 |
last post by:
Does the following code have defined behavior?
double *new_array(unsigned n)
{
double *p = malloc(n * sizeof(double));
unsigned i;
for (i = 0; i < n; i++) p = 0.0;
return p;
}
|
by: jayakrishnanav |
last post by:
Hi ,
Is it possible to restrict "pasting" any data in a text box,through keyboard(Ctrl-p) and through mouse??Can anybody help in dis
WarmRegards
jk
|
by: Peter |
last post by:
Hi
I've been delving into "delegates" and "anonymous methods", and now
I've come across the term "closure".
Some information I've found says that C# does not have closures, other
information says that C# does have closures.
My problem is I can't quite grasp what "closures" are. The examples I
have seen seem to be "anonymous methods". What is the subtle difference
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |