RE: Client Certification when using Remote Web



Hi

Yes, my goal is to restrict computers, but not based on client IP. Is it not
possible to issue a client certificate to all the computers/users, so that
only those computers can get access to the Remote Web?

I am not happy that "everyone" can get the login prompt, and maybe "feel
lucky".

Thanks

"Brandy Nee [MSFT]" wrote:

Dear Customer,

Thank you for posting to the SBS Newsgroup.

I have read through your post several times. I assume that you want to
restrict some workstations from accessing RWW. If I have misunderstood your
concern, please let me know.

Based on my research, we can restrict access to web sites in IIS by IP
address. For example:

a. Open Internet Information Services\Yourdomain (local computer)\Web
Sites\Default Web Site\Remote.
b. Right click Remote and select Properties.
c. On the Directory Security tab.
d. Click Edit under "IP address and domain name restrictions".
e. You can add the IP address to restrict access.

In IIS, you also can authenticate users who log on with a client
certificate by mapping the certificates to Windows user accounts. The
mapped certificates are used to either deny access to Web resources, or
grant rights and permissions for the mapped user account. There are two
methods in which to map certificates:

1. One-to-one mapping

One-to-one mapping maps a single client certificate to a single user
account. The server compares a copy of its certificate with the client
certificate that is sent by the browser. Both certificates must be
identical for the mapping to proceed.

2. Many-to-one mapping

Many-to-one mapping maps multiple certificates to a single user account. It
uses wildcard matching rules to define the certificate criteria for
mapping. This type of mapping does not compare the actual client
certificate; instead, it accepts all client certificates that meet specific
criteria. If certificates match the rules, they are mapped to the
appropriate user account.

For more detailed information, please see:

313070 HOW TO: Configure Client Certificate Mappings in Internet
Information Services (IIS) 5.0
http://support.microsoft.com/default.aspx?scid=kb;EN-US;313070

272175 HOW TO: Configure Active Directory Certificate Mapping
http://support.microsoft.com/default.aspx?scid=kb;EN-US;272175

Hope it helps. If you have any further questions or concerns, please feel
free to let me know. I am looking forward to hearing from you!

Best regards,

Brandy Nee

Microsoft CSS Online Newsgroup Support




--------------------
Thread-Topic: Client Certification when using Remote Web
From: "=?Utf-8?B?Q29yZQ==?=" <Core@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Client Certification when using Remote Web
Date: Mon, 20 Feb 2006 07:11:27 -0800
Newsgroups: microsoft.public.windows.server.sbs

Hi

All my computers are added to the domain with "connectcomputer" - but I can
access "Remote Web" from a computer that has never been on the SBS domain.

How can I use "Client Certificates" - meaning that ONLY machines with a
valid certificate can access the https Remote Web.

Do I have to install "Certification Services" on the SBS server or?

Thanks
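
The two mapping methods described in this thread, modelled as an added example that is not part of the original posts and is not IIS code. The certificates, account names and rule layout are constructed for illustration; the model assumes the server has already validated the certificate chain, and it shows why a many-to-one rule should pin the issuer rather than match subject fields alone.

```python
from fnmatch import fnmatchcase

# Constructed sample certificates: parsed name fields plus a stand-in
# for the raw encoded certificate bytes.
CERT_ALICE = {"subject": {"CN": "alice", "O": "Contoso", "OU": "Sales"},
              "issuer": {"CN": "Contoso Internal CA", "O": "Contoso"},
              "raw": b"constructed-der-alice"}
CERT_BOB = {"subject": {"CN": "bob", "O": "Contoso", "OU": "Support"},
            "issuer": {"CN": "Contoso Internal CA", "O": "Contoso"},
            "raw": b"constructed-der-bob"}
# Same subject organisation, but issued by a different (also trusted) CA.
CERT_OUTSIDER = {"subject": {"CN": "guest", "O": "Contoso"},
                 "issuer": {"CN": "Other Public CA", "O": "Other"},
                 "raw": b"constructed-der-guest"}

# One-to-one: the server stores a copy of each client certificate and
# maps it to exactly one account (hypothetical account names).
ONE_TO_ONE = {CERT_ALICE["raw"]: "SBSDOMAIN\\alice"}

# Many-to-one: each rule is a list of (field, sub-field, wildcard pattern).
LOOSE_RULES = [{"account": "SBSDOMAIN\\rww-users",
                "criteria": [("subject", "O", "Contoso")]}]
STRICT_RULES = [{"account": "SBSDOMAIN\\rww-users",
                 "criteria": [("issuer", "CN", "Contoso Internal CA"),
                              ("subject", "O", "Contoso"),
                              ("subject", "OU", "*")]}]

def map_one_to_one(cert):
    """Return the account only if the presented certificate is identical
    to a stored copy; any other certificate is unmapped."""
    return ONE_TO_ONE.get(cert["raw"])

def criterion_matches(cert, field, sub, pattern):
    """A missing sub-field never matches, even against a bare '*'."""
    value = cert[field].get(sub)
    return value is not None and fnmatchcase(value, pattern)

def map_many_to_one(cert, rules):
    """Return the account of the first rule whose criteria all match.
    The certificate itself is never compared, only its fields."""
    for rule in rules:
        if all(criterion_matches(cert, *c) for c in rule["criteria"]):
            return rule["account"]
    return None
```

With `LOOSE_RULES`, the certificate from the other CA maps to the shared account because only the subject organisation is checked; `STRICT_RULES` rejects it.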


