401.3 ACL error

F

Fox

Hi

I do not run a domain or Active Directory.
I am on IIS 5.0 on Windows 2000 server.
When I secure a folder and its files I
am having a problem getting the new
user to be able to access it. The IIS
security tab has Anonymous unchecked.
The other two boxes are checked.
I have tried also with only the clear
text authentication checked.
I have tried that user with having all
the way up to FULL permissions, without
it working.

I get a 401.3 error.

However, If I allow IUSR/Machine or add the
new user (temporarily) to Administrators group,
it works fine.

Am I forgetting something or could something
have happened to screw up my security management?

Regards,
Fox
 
T

Tom Kaminski [MVP]

Fox said:
Hi

I do not run a domain or Active Directory.
I am on IIS 5.0 on Windows 2000 server.
When I secure a folder and its files I
am having a problem getting the new
user to be able to access it. The IIS
security tab has Anonymous unchecked.
The other two boxes are checked.
I have tried also with only the clear
text authentication checked.
I have tried that user with having all
the way up to FULL permissions, without
it working.

I get a 401.3 error.

However, If I allow IUSR/Machine or add the
new user (temporarily) to Administrators group,
it works fine.

Am I forgetting something or could something
have happened to screw up my security management?

401.3 means the account still does not have NTFS permission to the file
requested.

IIS 5 Documentation
http://www.microsoft.com/windows2000/en/server/iis/
Microsoft Internet Information Server
Administration
Server Administration
Security
Authentication
Access Control

IIS 6 Documentation
http://www.microsoft.com/technet/pr...r2003/proddocs/standard/gs_authentication.asp


HOW TO: Configure IIS 5.0 Web Site Authentication in Windows 2000
http://support.microsoft.com/?id=310344
HOW TO: Configure User and Group Access on an Intranet in Windows 2000 or
Windows NT 4.0
http://support.microsoft.com/?id=325358
HOW TO: Configure IIS Web Site Authentication in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;324274
 
F

Fox

Tom Kaminski said:
401.3 means the account still does not have NTFS permission to the file
requested.

IIS 5 Documentation
http://www.microsoft.com/windows2000/en/server/iis/
Microsoft Internet Information Server
Administration
Server Administration
Security
Authentication
Access Control

IIS 6 Documentation
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/stan
dard/gs_authentication.asp


HOW TO: Configure IIS 5.0 Web Site Authentication in Windows 2000
http://support.microsoft.com/?id=310344
HOW TO: Configure User and Group Access on an Intranet in Windows 2000 or
Windows NT 4.0
http://support.microsoft.com/?id=325358
HOW TO: Configure IIS Web Site Authentication in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;324274

--
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsserver2003/community/centers/iis/

If there is a more appropriate NG for this, can you point me to it
so I will not be off topic? I did not find one.

Thanks for all the detailed links. I entirely read all but the first one.
I have been running this server for 2 years after 6 years with NT4
and this problem just started.

There has to be something seriously comprimised. I really don't know
what the next thing to do will be. Reformtting and starting over is not
an option right now. I have sat at the computer as long as 5 hours
straight fiddling around with tests, on more than one occasion, and
it just doesn't work right anymore. Have you ever heard of this type
of a comprimise. I know I have been hacked and cannot find the
remnants on server. I do not know what it had done, but I stopped
it from calling home and have had to live with it in that state. No
programs nor does my searching find the culprit. Meanwhile I am thinking
that if is it possible, this is what comprimised my security since it
just doesn't work right anymore.

It is obvious that if I can get someone in there on Front Page
and they are part of the users group and clear text is selected
then everything has been done. As I had mentioned, if I add them
to the ADMIN group or if I allow IUSR to access the folder
it works fine. I would think from that, that I have done all I can
do. HELP !

Feedback is more than welcome


Regards,
Dennis
 
T

Tom Kaminski [MVP]

Fox said:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/stan

If there is a more appropriate NG for this, can you point me to it
so I will not be off topic? I did not find one.

Why microsoft.public.inetserver.iis of course!
Thanks for all the detailed links. I entirely read all but the first one.
I have been running this server for 2 years after 6 years with NT4
and this problem just started.

There has to be something seriously comprimised. I really don't know
what the next thing to do will be. Reformtting and starting over is not
an option right now. I have sat at the computer as long as 5 hours
straight fiddling around with tests, on more than one occasion, and
it just doesn't work right anymore. Have you ever heard of this type
of a comprimise. I know I have been hacked and cannot find the
remnants on server. I do not know what it had done, but I stopped
it from calling home and have had to live with it in that state. No
programs nor does my searching find the culprit. Meanwhile I am thinking
that if is it possible, this is what comprimised my security since it
just doesn't work right anymore.

No, i've never heard of this type of compromise - but if you've been hacked
and can't get anything to work right, sometimes rebuidling from scratch is
the only solution ...
It is obvious that if I can get someone in there on Front Page
and they are part of the users group and clear text is selected
then everything has been done. As I had mentioned, if I add them
to the ADMIN group or if I allow IUSR to access the folder
it works fine. I would think from that, that I have done all I can
do. HELP !

Try here:

HOW TO: Set Basic NTFS Permissions for IIS 5.0
http://support.microsoft.com/default.aspx?scid=kb;en-us;271071

How to Restore the Default NTFS Permissions for Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;266188

HOW TO: Set IIS Permissions for Specific Objects
http://support.microsoft.com/default.aspx?scid=kb;en-us;324068
 
T

Tom Kaminski [MVP]

Tom Kaminski said:
Why microsoft.public.inetserver.iis of course!

Oh yeah, microsoft.public.inetserver.iis.security is probably a good one too
....
 
M

Mark Schupp

Your user account may need permissions on a file outside of the application
such as a component dll. Enable file auditing and check for access failures.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top