Security, easy log on from domain desktops

Security, easy log on from domain desktops

am 15.05.2007 09:29:55 von jones_net

Hi

I have a domain server 2003 with IIS. The server hosts an public "Helpdesk"
site, where anonymous access is allowed. This works fine, no log on is
required.

The server also hosts a internal "IntHelpdesk" site, where only members of
the AD group "IT" are allowed to look.
All the IT suers have a desktop, where they are logged on with their AD user
account.
I would like the webserver to use their logged on credentials when they use
the IntHelpdesk, so they don't have to write their username and password
every time they want to find a page. When they are visiting a user or a
non-domain desktop they still have to log in, to access the IntHelpdesk
page!

How do I set up the IIS security and the NTFS security?

Regards
Claus

Re: Security, easy log on from domain desktops

am 15.05.2007 11:51:03 von David Wang

On May 15, 12:29 am, "jones_net" wrote:
> Hi
>
> I have a domain server 2003 with IIS. The server hosts an public "Helpdesk"
> site, where anonymous access is allowed. This works fine, no log on is
> required.
>
> The server also hosts a internal "IntHelpdesk" site, where only members of
> the AD group "IT" are allowed to look.
> All the IT suers have a desktop, where they are logged on with their AD user
> account.
> I would like the webserver to use their logged on credentials when they use
> the IntHelpdesk, so they don't have to write their username and password
> every time they want to find a page. When they are visiting a user or a
> non-domain desktop they still have to log in, to access the IntHelpdesk
> page!
>
> How do I set up the IIS security and the NTFS security?
>
> Regards
> Claus


Can you clarify what you are having issues? It is pretty standard
configuration, and it sounds like you've already done it.
- Public Helpdesk website with Anonymous authentication
- Separate Internal Helpdesk website requiring Integrated
authentication
- NTFS ACLs on resources accessible via public or internal Helpdesk
with appropriate ACLs for both "IT" group as well as configured
anonymous user.


> I would like the webserver to use their logged on credentials
> when they use the IntHelpdesk, so they don't have to write
> their username and password every time they want to find
> a page. When they are visiting a user or a non-domain
> desktop they still have to log in, to access the IntHelpdesk
> page!

This requirement has nothing to do with IIS. IIS only requires
authentication. The browser client is responsible for auto-login with
those domain credentials such that for IntHelpdesk, logged in users do
not need to type in their username/password.

Personally, if I have a secured resource, I would never let the IT
group login with their user credentials from a user's desktop to
access IntHelpdesk. That is simply like a public kiosk scenario and
your IT admin's user credentials are no longer secure. If you allow IT
group to login from user desktops, you might as well not run
IntHelpdesk because it is no longer secured.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//