Cannot connect to Web Server from Different Domain

on 27.03.2006 12:14:02 by nai

Hi all,

We have two domains in here and are currently migrating users from Domain A
to Domain B.

We have a trust relationship set up between the two and are using Windows
Integrated Security for Authentication.

My IIS Server is in Domain A.

I can connect to the webserver using User X in Domain A without any problems.
I have created user Y in Domain B with same privileges as X has but I get
prompted to authenticate to the server when I try to connect.
Both Domain Users groups from A and B have access to the server (have been
made members of local Users group).
Currently the only way I have to get this working is to include user Y in
the local Admins group on the server.

Can anyone help - we are in a bit of a pickle !

Cheers.

PS Anonymous access is a no-no - very security conscious!

Re: Cannot connect to Web Server from Different Domain

on 27.03.2006 16:51:32 by Roger Abell

That placing user Y in the IIS server's local Administrators group
shows that your problem is completely isolated to what grants are
needed on the IIS server that Y's being only in the Users group of
the IIS server does not grant. You need to review the complete
set of grants made to user X and adjust the grants of Y to be same.

"nai" wrote in message
news:A43631E5-044D-4179-A3D4-1A8042199474@microsoft.com...
> Hi all,
>
> We have two domains in here and are currently migrating users from Domain
> A
> to Domain B.
>
> We have a trust relationship set up between the two and are using Windows
> Integrated Security for Authentication.
>
> My IIS Server is in Domain A.
>
> I can connect to the webserver using User X in Domain A without any
> problems.
> I have created user Y in Domain B with same privileges as X has but I get
> prompted to authenticate to the server when I try to connect.
> Both Domain Users groups from A and B have access to the server (have been
> made members of local Users group).
> Currently the only way I have to get this working is to include user Y in
> the local Admins group on the server.
>
> Can anyone help - we are in a bit of a pickle !
>
> Cheers.
>
> PS Anonymous access is a no-no - very security conscious!

Re: Cannot connect to Web Server from Different Domain

on 28.03.2006 10:01:02 by nai

I've just gone through all of the security on the box and it seems that when
the Admin set up the box only some of the permissions were set correctly -
User Y had read/execute permissions on all of the folders under our www root
but not to any of the asp/htm files - I adjusted these/restarted IIS and hey
presto all cool.

Thanks for your help.


"Roger Abell [MVP]" wrote:

> That placing user Y in the IIS server's local Administrators group
> shows that your problem is completely isolated to what grants are
> needed on the IIS server that Y's being only in the Users group of
> the IIS server does not grant. You need to review the complete
> set of grants made to user X and adjust the grants of Y to be same.
>
> "nai" wrote in message
> news:A43631E5-044D-4179-A3D4-1A8042199474@microsoft.com...
> > Hi all,
> >
> > We have two domains in here and are currently migrating users from Domain
> > A
> > to Domain B.
> >
> > We have a trust relationship set up between the two and are using Windows
> > Integrated Security for Authentication.
> >
> > My IIS Server is in Domain A.
> >
> > I can connect to the webserver using User X in Domain A without any
> > problems.
> > I have created user Y in Domain B with same privileges as X has but I get
> > prompted to authenticate to the server when I try to connect.
> > Both Domain Users groups from A and B have access to the server (have been
> > made members of local Users group).
> > Currently the only way I have to get this working is to include user Y in
> > the local Admins group on the server.
> >
> > Can anyone help - we are in a bit of a pickle !
> >
> > Cheers.
> >
> > PS Anonymous access is a no-no - very security conscious!
>
>
>

Re: Cannot connect to Web Server from Different Domain

on 28.03.2006 14:37:20 by Roger Abell

That is good. It also sounds like a good example of where
a custom group could/should have been defined and used.

"nai" wrote in message
news:A736741D-2507-4546-8833-EB2442873BCB@microsoft.com...
> I've just gone through all of the security on the box and it seems that
> when
> the Admin set up the box only some of the permissions were set correctly -
> User Y had read/execute permissions on all of the folders under our www
> root
> but not to any of the asp/htm files - I adjusted these/restarted IIS and
> hey
> presto all cool.
>
> Thanks for your help.
>
>
> "Roger Abell [MVP]" wrote:
>
>> That placing user Y in the IIS server's local Administrators group
>> shows that your problem is completely isolated to what grants are
>> needed on the IIS server that Y's being only in the Users group of
>> the IIS server does not grant. You need to review the complete
>> set of grants made to user X and adjust the grants of Y to be same.
>>
>> "nai" wrote in message
>> news:A43631E5-044D-4179-A3D4-1A8042199474@microsoft.com...
>> > Hi all,
>> >
>> > We have two domains in here and are currently migrating users from
>> > Domain
>> > A
>> > to Domain B.
>> >
>> > We have a trust relationship set up between the two and are using
>> > Windows
>> > Integrated Security for Authentication.
>> >
>> > My IIS Server is in Domain A.
>> >
>> > I can connect to the webserver using User X in Domain A without any
>> > problems.
>> > I have created user Y in Domain B with same privileges as X has but I
>> > get
>> > prompted to authenticate to the server when I try to connect.
>> > Both Domain Users groups from A and B have access to the server (have
>> > been
>> > made members of local Users group).
>> > Currently the only way I have to get this working is to include user Y
>> > in
>> > the local Admins group on the server.
>> >
>> > Can anyone help - we are in a bit of a pickle !
>> >
>> > Cheers.
>> >
>> > PS Anonymous access is a no-no - very security conscious!
>>
>>
>>
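
Added example, not part of the original thread: a PowerShell check for the condition found above, where folders under the www root granted read/execute but individual files did not. It lists files that have no Allow ACE granting Read to a given identity, which is the check to run after moving access to a custom group. The function name, the path and the group name are hypothetical, and the function only matches ACEs that name the identity directly (it does not resolve group membership).

```powershell
# Added example: report content files where an identity has no Allow ACE
# granting Read, or where a Deny ACE for it covers Read.
# Only ACEs that name $Identity directly are considered (explicit or inherited).
function Find-MissingReadAce {
    param(
        [Parameter(Mandatory)][string]$Root,      # web content root to walk
        [Parameter(Mandatory)][string]$Identity   # e.g. 'SERVER\GroupName'
    )
    $read = [int][System.Security.AccessControl.FileSystemRights]::Read

    Get-ChildItem -LiteralPath $Root -Recurse -File | ForEach-Object {
        $file  = $_
        # All ACEs on this file that name the identity being checked
        $rules = (Get-Acl -LiteralPath $file.FullName).Access |
            Where-Object { $_.IdentityReference.Value -eq $Identity }

        # Allow ACE must include every bit of Read
        $allow = $rules | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights) -band $read) -eq $read
        }
        # Deny ACE that touches any bit of Read overrides the allow
        $deny = $rules | Where-Object {
            $_.AccessControlType -eq 'Deny' -and
            (([int]$_.FileSystemRights) -band $read) -ne 0
        }

        if (-not $allow -or $deny) {
            [pscustomobject]@{
                Path   = $file.FullName
                Reason = if ($deny) { 'Deny ACE covers Read' }
                         else       { 'No Allow ACE grants Read' }
            }
        }
    }
}

# Hypothetical usage: path and local group name are placeholders.
# Find-MissingReadAce -Root 'D:\wwwroot' -Identity 'WEBSRV\WebContentReaders' |
#     Format-Table -AutoSize
```

An empty result means every file carries a direct Read grant for that identity; any rows returned are the files that would still prompt for credentials.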