Directory Securiy: UNCPassword and AuthFlags
Directory Securiy: UNCPassword and AuthFlags
am 22.08.2006 08:54:36 von Anthony Yates
I am using the Altiris system management web service on IIS6.0. The
Directory Security is fairly straightforward: all the virtual directories
have Windows Integrated authentication, and some of them allow Anonymous.
I need to change the authentication method to be Digest, so it can work
across firewalls. When I remove WIA and add Digest, I am prompted by
UNCPassword and AuthFlags inherited properties. My problem is that (it
seems) if I say Yes, the wrong Anonymous settings are applied. If I say No,
the changes I wanted to make are not applied. I have searched on AuthFlags
and UNCPassword and I am none the wiser.
What is the correct technique for adding or removing one authentication,
without changing what is Anonymous or not?
I want to leave the permissions in as much of a default state as possible.
For example, if one virtual directory is inheriting security from another,
I'd like to leave it inheriting even if I change the method used.
Thanks,
Anthony
Re: Directory Securiy: UNCPassword and AuthFlags
am 26.08.2006 21:46:04 von Anthony Yates
As I did not get any answers on this, I concluded it must be a dumb question
so I did some more research. Very useful.
UNCPassword is the password applied to check access to the virtual directory
path. It is normally accompanied by UNCUsername. I did not find documented
why the metabase allows a password without a username, but I am guessing
that if the path is local the username is assumed. So you would expect
UNCPassword to be inherited wherever the virtual directory path is the same.
AuthFlags is obvious. I had been thinking of Anon as a binary value and
Authentication method as one of several, but of course they are all treated
as binary methods, so AuthFlags is simply the combination of authentication
method values.
The crude answer to my question is, if the directory was inheriting before,
it should inherit the changes unless you specifically want to make a change
lower down the tree,
Anthony
"Anthony" wrote in message
news:%23U4V8ebxGHA.4876@TK2MSFTNGP04.phx.gbl...
>I am using the Altiris system management web service on IIS6.0. The
> Directory Security is fairly straightforward: all the virtual directories
> have Windows Integrated authentication, and some of them allow Anonymous.
> I need to change the authentication method to be Digest, so it can work
> across firewalls. When I remove WIA and add Digest, I am prompted by
> UNCPassword and AuthFlags inherited properties. My problem is that (it
> seems) if I say Yes, the wrong Anonymous settings are applied. If I say
> No,
> the changes I wanted to make are not applied. I have searched on AuthFlags
> and UNCPassword and I am none the wiser.
> What is the correct technique for adding or removing one authentication,
> without changing what is Anonymous or not?
> I want to leave the permissions in as much of a default state as possible.
> For example, if one virtual directory is inheriting security from another,
> I'd like to leave it inheriting even if I change the method used.
> Thanks,
> Anthony
>
>
>
Re: Directory Securiy: UNCPassword and AuthFlags
am 26.08.2006 21:46:04 von Anthony Yates
As I did not get any answers on this, I concluded it must be a dumb question
so I did some more research. Very useful.
UNCPassword is the password applied to check access to the virtual directory
path. It is normally accompanied by UNCUsername. I did not find documented
why the metabase allows a password without a username, but I am guessing
that if the path is local the username is assumed. So you would expect
UNCPassword to be inherited wherever the virtual directory path is the same.
AuthFlags is obvious. I had been thinking of Anon as a binary value and
Authentication method as one of several, but of course they are all treated
as binary methods, so AuthFlags is simply the combination of authentication
method values.
The crude answer to my question is, if the directory was inheriting before,
it should inherit the changes unless you specifically want to make a change
lower down the tree,
Anthony
"Anthony" wrote in message
news:%23U4V8ebxGHA.4876@TK2MSFTNGP04.phx.gbl...
>I am using the Altiris system management web service on IIS6.0. The
> Directory Security is fairly straightforward: all the virtual directories
> have Windows Integrated authentication, and some of them allow Anonymous.
> I need to change the authentication method to be Digest, so it can work
> across firewalls. When I remove WIA and add Digest, I am prompted by
> UNCPassword and AuthFlags inherited properties. My problem is that (it
> seems) if I say Yes, the wrong Anonymous settings are applied. If I say
> No,
> the changes I wanted to make are not applied. I have searched on AuthFlags
> and UNCPassword and I am none the wiser.
> What is the correct technique for adding or removing one authentication,
> without changing what is Anonymous or not?
> I want to leave the permissions in as much of a default state as possible.
> For example, if one virtual directory is inheriting security from another,
> I'd like to leave it inheriting even if I change the method used.
> Thanks,
> Anthony
>
>
>