Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Security templates Active Dir

Status
Not open for further replies.
mysticslayer

mysticslayer

Technical User
Sep 2, 2008
7
NL
Hi there all,

I know the following thing, but how can I fix this:

1) The Microsoft security guide for IIS6.0 says that the IUSR account needs Log on Locally rights.

2) The Microsoft group policy Enterprise security template for Member Servers removes this right. When the policy is applied, anonymous access is broken.

3) The Member Server template is a baseline for all servers. You are supposed to ADD a Web Server template on top for web servers.

How can I add a Web server template on top of the web servers?
 
Sort by date Sort by votes
create an ou with the web servers as members and assign the web-server template 2 that ou
 
Upvote 0 Downvote
Allright, I have created a new OU, but where can I find this web server template? I searched for it, but can't find it.
 
Upvote 0 Downvote
Well I can see alot adm files, but which one is the web server template? If you use google you will see that the inet*.adm files are for internet explorer, but not for IIS
 
Upvote 0 Downvote
Well I did alot with configuring the GPO and creating the OU's, but I still didn't manage to figure out what I have done wrong with the policies for IIS.

I shall tell you how it is configured:

A) A got a DC with MS DNS.
B) A got a Web Server with hosting Exchange and other sites.

One website is a website that has anonymous access, or it should be.

So configured this website:

1) Anonymous access enabled
2) Anonymous Account: DomainName\IUSR_USRNAME
3) Enabled Integrated Security
4) Hosted the website with CGI
5) Configured a AppPool for this website
6) Tried as well the Local System account and DomainName\IWAM_username
7) Local Policy settings and AD policy settings for specific OU configuration:

Access this computer from the network: IUSR / IIS_WPG
Allow log on locally IUSR / IIS_WPG
Bypass traverse checking IUSR / IIS_WPG
Log on as a batch job IUSR / IIS_WPG

8) Added the IUSR and IWAM accounts to IIS_WPG as well local as AD.

9) Added the IIS_WPG full access to the C:\Inetpub\
But still the webserver asks for username and password.

Were did I have done wrong? Or am I still something missing?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

julis2103
  • Locked
  • Question
Active Directory
Replies
0
Views
146
julis2103
julis2103
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
761
goombawaho
goombawaho
geneg28
  • Locked
  • Question
Active Directory and Linux Servers
Replies
0
Views
121
geneg28
geneg28
axilleas
  • Locked
  • Question
Windows 2012 R2 Active directory problem after applying GPO
Replies
7
Views
242
technome
technome
amanua
  • Locked
  • Question
Event ID 4776 Security Log
Replies
0
Views
150
amanua
amanua

Part and Inventory Search

Sponsor

Back
Top