[thelist] Active Directory and IIS 6.0

Anthony Baratta anthony at baratta.com
Fri Nov 3 11:24:02 CST 2006


99% of the dotNet applications I'm currently working with all use the company's internal DB (which harvests data from the HR Application) for user authentication, with a check against AD for username and password. For "speed" sake we've snagged a copy of the Quick Start Kit (Issue Tracker) from MS and are trying to use that as a stop gap bug tracking tool. The tool integrates with AD, so we'd really like to use that. 

We are having an issue with "permissions" while connecting to the web pages where Issue Tracker runs. 

Here's how I've set things up: There is a local group called IssueTracker (versus having to wait three weeks for a new AD group, and then asking each individual empolyee to request access to that group - another 3+ weeks. Welcome to Dilbert-ville). I've given the local group NTFS access rights to the Issue Tracker directory. And then populated the group woth all the AD accounts that need access to the application. The Issue Tracker application works great for myself and people in my AD group - but not for anyone outside my AD group. Now my AD group has local admin rights to the box, outside the group they don't.

However, if I put a non-working user into the local Administrator's group they can login successfully and run the application. If theyare not, they never authenticate correctly. The logs say "no user name or bad password". But if you flip the user in and out of the Admin Group they are able to login or not just based on this association. So the security logs are not really reporting correctly, or are they?

My current theory is that unless the user belongs to the Administrator's group, they do not have "remote" login rights. Therefore I need to give all the users in the IssueTracker group "login" rights. That should be done via the Group / Security Policy Manager - but I can't find the proper switch. I think it's different between Server 2000 and Server 2003. The server in question is 2003.

Any clues where to find this? Any thoughts to add?? Am I barking up the wrong tree? Cool BBQ recipes?

P.S Happy National Cliche Day!!

More information about the thelist mailing list