Q

How to implement IIS authentication settings

In this SearchSecurity.com Q&A, identity management and access control expert Joel Dubin reviews how to set IIS authentication permissions and allow open access to Web sites hosted on the server.

I have installed a standalone IIS server on a Windows 2000 system. How can I switch off the authentication window that pops up on a remote computer when trying to access the page?
This depends on what you're trying to do. If you want to allow open access to a Web site hosted on your Internet Information Services ( IIS), you'll need to check two settings on the server to see which is blocking the site.

There are two levels of authentication for an IIS server hosted on Windows 2000: Web authentication and New Technology File System (NTFS) permissions.

IIS authentication is set through the Internet Service Manager (ISM), which can be accessed from the server's Administrative Tools menu. Under the Directory Security tab, there are a variety of authentication options that can be checked off. These include options for Basic Authentication, Digest Authentication, as well as Integrated Windows Authentication.

The ISM allows more than one type of authentication to be selected. The pop-up window you describe could be a Basic or Digest authentication window, so make sure these two options are deselected.

The other reason for the authentication window issue could be that the NTFS permissions in the server's root directory may have been set to restrict access. This directory is usually located here: C:Inetpubwwwroot. If you want to remove any logon windows or have open access, go to this location and check the Everyone box; this will allow anyone to have free access to the directory.

From the perspective of the Windows 2000 machine itself, these Web server directories are just like any other directory on the server and can be configured separately.

More information:

  • Michael Cobb explains how to create access rules and configure IIS server permissions.
  • Using a different Web server? Learn some non-IIS best practices.
  • This was first published in March 2007

    Dig deeper on Web Application and Web 2.0 Threats

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close