RE: Save IE password thorugh group policy
- From: Komandur Kannan <komandur@xxxxxxxxxxxxxxx>
- Date: Wed, 21 Feb 2007 20:21:13 -0800
Tom,
Looks like the question is mis-understood. I will give you an example. Let
us say we have a common mail box called sss@xxxxxxxxxxx and the password is
provided to the staff to check this mail. when a person leaves, we have to
change this password and inform everyone - The problem with this method is
that the information is not secure as many people check this site and the new
password may also be leaked.
So what i want to do is "save" this password sort of cookie through
group-policy if you understand what i mean. This way when the user goes to
that web site, this remote cookie will pickup the password so that the users
need not know the password and can access this site - Am I making sense?
thank you
Kannan
"tom" wrote:
Hi Komandur,.
Thank you for your post!
From your post, my understanding of this issue is: You want to use the
group policy save account¡¯s username and password. If I have misunderstood
your concerns, please feel free to let me know.
Based on my experience, the group policy can not save username and
password. You can configure IIS to Anonymous access or Digest
authentication for Windows domain servers before user permitted access to a
Web site.
Therefore, please refer to the following methods to see if this issue can
be resolved.
* Method 1: Configure Authentication in IIS (Anonymous access)
=======================
1. Start IIS Manager or open the IIS snap-in.
2. Expand Server_name, where Server_name is the name of the server, and
then expand Web Sites.
3. In the console tree, right-click the Web site, virtual directory, or
file for which you want to configure authentication, and then click
Properties.
4. Click the Directory Security or File Security tab (as appropriate), and
then under Anonymous and access control, click Edit.
5. Click to select the check box ¡°Anonymous access¡±, and then click OK.
Anonymous access: When anonymous access is turned on, no authenticated user
credentials are required to access the site. This option is best used when
you want to grant public access to information that requires no security.
When a user tries to connect to your Web site, IIS assigns the connection
to the IUSER_ComputerName account, where ComputerName is the name of the
server on which IIS is running. By default, the IUSER_ComputerName account
is a member of the Guests group. This group has security restrictions,
imposed by NTFS file system permissions, that designate the level of access
and the type of content that is available to public users. To edit the
Windows account used for anonymous access, click Browse in the Anonymous
access box.
IMPORTANT: If you turn on anonymous access, IIS always tries to
authenticate users by using anonymous authentication first, even if you
turn on additional authentication methods.
* Method 2: Configure Authentication in IIS (Digest authentication for
Windows domain servers)
======================
1. Start IIS Manager or open the IIS snap-in.
2. Expand Server_name, where Server_name is the name of the server, and
then expand Web Sites.
3. In the console tree, right-click the Web site, virtual directory, or
file for which you want to configure authentication, and then click
Properties.
4. Click the Directory Security or File Security tab (as appropriate), and
then under Anonymous and access control, click Edit.
5. Click to select the check box ¡°Digest authentication for Windows domain
servers¡±, and then click OK.
Digest authentication for Windows domain servers: Digest authentication
requires a user ID and password, provides a medium level of security, and
may be used when you want to grant access to secure information from public
networks. This method offers the same functionality as basic
authentication. However, this method transmits user credentials across the
network as an MD5 hash, or message digest, in which the original user name
and password cannot be deciphered from the hash. To use this method,
clients must use Microsoft Internet Explorer 5.0 or later, and the Web
clients and Web servers must be members of, or be trusted by, the same
domain.
If you turn on digest authentication, type the realm name in the Realm box.
For more information, please refer to the following KB article:
324274 How To Configure IIS Web Site Authentication in Windows Server 2003
http://support.microsoft.com/kb/324274/en-us
Please try my methods and update me with the results. If something is
unclear, please feel free to let me know.
Sincerely,
Tom Zhang, MCSE 2003
Microsoft Online Support
Microsoft Global Technical Support Center
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
- Follow-Ups:
- References:
- Prev by Date: RE: Save IE password thorugh group policy
- Next by Date: Re: GPO Filtering and WSUS
- Previous by thread: RE: Save IE password thorugh group policy
- Next by thread: RE: Save IE password thorugh group policy
- Index(es):
Relevant Pages
|
