IIS Security Problems

[seanmcne]

I am having an issue with my IIS5.0 on windows 2000. I have a secure area of my server setup. When you go to enter the site it will pull up the "enter network password" box. As long as I enter any name into the username box it will let anyone through with no password. I can't figure out what setting is messed up. I am sure it must be something small but I just can't get it.

 

[Guest]

I don't know exactly how you have your IIS server setup, but here is what I would check.

From the "Internet Information Services" admin tool, right click on the folder (virtual directory) that you want secure. Choose properties and click on the "Directory Security" tab. From there click on the "Anonymous Access" Edit button.
Uncheck the "Anonymous Access" check box. Below choose the type of Authenticated access you want. If you choose "Integrated Windows Authentication" you will need to secure the directories manually (I think). You may also need to enable "Windows Authentication" by configuring "Routing and Remote access" to your server. Go the the Help index and look at "Authentication - Windows authentication, configuring" for more info.

You may also try the following:
Find the location of the directory in question. (For example wwwroot). Right click on it and choose properties. Make sure that the "Everyone" group is denied access (especially if you are in a workgroup) and give access only to the users/groups that require it.

Windows help will probably be more helpful than I was. Sorry.