IIS Security Problems


Guest

Yeah... we all know XP networking can be fun sometimes... I have two Pro
machines, one of which I couldn't access from the other... went through, did
the advanced file sharing thing so I could set up permissions and all... got
that figured out, however... in the process the web page I was hosting on the
machine now gives this message when accessed: "Logon failure: user account
restriction. Possible reasons are blank passwords not allowed, logon hour
restrictions, or a policy restriction has been enforced." on just a plain
simple white page... I've looked through EVERYTHING I could think of and
finally moved the site to my other computer. Works fine on that one, so I
began comparing security settings between the two and for the life of me I
can't figure out why it's not working on the original server... I know it's
some kind of security policy setting somewhere but the question is where the
hell is it???
 
Look in the security log to see if a failed logon shows and it may give a
reason why if auditing of logon events is enabled in Local Security Policy
which it is by default I believe. Also enable auditing of privilege use for
failure to see if such an event is recorded at the time of the failure
message that would indicate what user right the user lacks which can be
managed via Local Security Policy - local policies/user rights. Logon rights
for logon locally and access this computer from the network would be
possibilities. You could also configure the security option for accounts:
limit local account use of blank passwords to console logon only to be
disabled. --- Steve

SeNetworkLogonRight Access this computer from the network
SeInteractiveLogonRight Log on locally
SeBatchLogonRight Log on as a batch job
SeServiceLogonRight Log on as a service
SeDenyNetworkLogonRight Deny access this computer from the network
SeDenyInteractiveLogonRight Deny log on locally
SeDenyBatchLogonRight Deny log on as a batch job
SeDenyServiceLogonRight Deny log on as a service
 
Thanks Steve,
I eventually did find it... I logged out and back in under the Admin
account (don't think this was really necessary but I found what I was looking
for in there...) messed around with the mmc a little, finally did a Search on
Local Security and found a link to open up the Local Security Settings MMC...
to do this through mmc itself, open a new console, click File - Add/Remove
Snap-in - Add - Group Policy Object Editor, then click Add / Finish / Close -
select Local Computer Policy - Extensions tab. In the drop-down box select
Security Settings and OK...
Now...
Computer Config
  Windows Settings
    Security Settings
      Account Policy
        Password policy
          password must meet complexity req. = Disabled

Note, I'm not concerned about security on this system... doing this may open
you up so beware... but it will fix that problem...
 
Congrats on getting it to work and thanks for reporting back. Though the
solution does not make sense [at least at first glance] I never argue with
success. Password complexity sets rules for password creation that occurs
when a user changes his password [willingly or when it expires] or when a
user account is created. Somehow this may have caused a problem with the
IUSR_computername account is all I can figure assuming you were using it for
anonymous web access which would be default setting. FYI you can easily
access Local Security Policy by using secpol.msc in the run box. I also
suggest that you enable auditing of account management which in the future
may generate a helpful Event ID for failure if a similar problem arises. ---
Steve
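
An added example, not part of the original thread: the comparison between the working and the failing machine that the original poster did by hand can be done by exporting each machine's local policy with `secedit /export /cfg <file>` and diffing only the settings named in this thread. The two exports below are constructed samples, and the function names are hypothetical.

```python
import configparser

# Settings named in this thread, by section of a `secedit /export /cfg` INF file.
WATCH = {
    "System Access": ["PasswordComplexity"],
    "Event Audit": ["AuditLogonEvents", "AuditPrivilegeUse", "AuditAccountManage"],
    "Privilege Rights": ["SeNetworkLogonRight", "SeDenyNetworkLogonRight",
                         "SeInteractiveLogonRight", "SeDenyInteractiveLogonRight"],
    "Registry Values": [
        r"MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse"],
}

def parse_export(text):
    """Return {(section, key): value} for the watched settings in one export."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.optionxform = str                     # keep key case as exported
    cp.read_string(text)
    found = {}
    for section, keys in WATCH.items():
        for key in keys:
            value = cp.get(section, key, fallback="")  # absent: not set / no holders
            if section == "Privilege Rights":          # holder order is irrelevant
                value = ",".join(sorted(v.strip() for v in value.split(",") if v.strip()))
            found[(section, key)] = value.strip()
    return found

def diff_exports(working, broken):
    """List (section, key, working_value, broken_value) where the machines differ."""
    a, b = parse_export(working), parse_export(broken)
    return [(s, k, a[s, k], b[s, k]) for (s, k) in a if a[s, k] != b[s, k]]

# Constructed sample exports (not taken from the poster's machines).
WORKING = r"""[System Access]
PasswordComplexity = 0
[Event Audit]
AuditLogonEvents = 3
AuditPrivilegeUse = 0
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1
"""
BROKEN = (WORKING.replace("PasswordComplexity = 0", "PasswordComplexity = 1")
          .replace("*S-1-1-0,*S-1-5-32-544", "*S-1-5-32-544,*S-1-1-0"))

if __name__ == "__main__":
    for section, key, good, bad in diff_exports(WORKING, BROKEN):
        print(f"[{section}] {key}: working={good!r} broken={bad!r}")
```

Real secedit exports are normally written as UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text in. In the `[Event Audit]` section, 0 means no auditing, 1 success, 2 failure and 3 both.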
 