SBS 2003/member Web Server and ISUR access

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hi,

II have an SBS 2003 prem setup with 2 NICs - works fine, comp name is
e.g. SBS01

Joined to the domain is a Windows 2003 with 2 NICS also, comp name is
e.g. WEB01

The set up of the two servers is almost identical, with 1 NIC each
connecting to the router and one NIC each connected to a switch. The
member server is part of the SBS domain on a static IP - this all works
fine without error.

I am using the member server as a web server. I am trying to work out
how to set up NTFS permissions to ensure the network is safe.

Currently, the web hosting is on a second disk frorm the member server
OS install, e.g. E:\Websites\{WEBSITE}\index.htm

The E: disk is shared with Everyone set to Full Control. Security is
set to Everyone with Full Control for all folders, sub folders and
files.

The Websites folder is shared with Everyone set to Full Control.
Security is set to Domain Admins with Full Control of all Folders, sub
folders, and files. Everyone is added with Read & Execute on all
Folders, sub folders and files.

This is the only setup i can seem to do to get the websites to host
live on the internet. All websites are set up as virtual directories,
with Anonymous Access enabled.

In AD in SBS, there is user called ISUR_SBS01 - for anonymous logging
to the SBS IIS. If i change this to say IUSR_WEB01, then it means OWA
and RWW wont work.

The sites wont show up on the internet unless I go to each virtual
directory and set Anonymous Access username to IUSR_WEB01...which makes
sense to me as external users are connecting with the anonymous user
account of that machine.

The problem is i cant seem to add IUSR_WEB01 to the NTFS permissions in
order to tighten up the permissions for all the websites - I am
following the same procedure I used on SBS NT4.5, where I had
E:\Websites having IUSR_WEB01 set to list, and then full control on the
E:\Websites\{WEBSITE} folder. I dont think this is wrong, or am i not
ticking enough boxes?

Do i have to create this IUSR_WEB01 account in AD on the SBS for it to
become registered and properly usable in the NTFS permissions? I havent
done it yet as I have got 2 clean installs on the servers and dont want
to mess them up!

Thanks for any help!

Anyone with any ideas?

But if I open IIS in teh member server and change the Anonymous Access
account to

.

Relevant Pages

  • Re: connect computer problem
    ... You should only have one NIC on the Member server with an IP which assuming ... Frank McCallister SBS MVP ... > the link "Connect to the network now". ... System has 2 nics with a third being an internal ...
    (microsoft.public.windows.server.sbs)
  • Re: Dual Internal NICs
    ... Javier [SBS MVP] ... > information I find for dual NICs refers to clustering which I do no intend ... > point as a backup DC or member server. ...
    (microsoft.public.windows.server.sbs)
  • Permissions to other servers on domain
    ... I have an SBS 2003 server as well as a newly added server to the domain. ... added server I want to give permissions to folders using the AD users on the ... on the member server it does not see the AD users. ...
    (microsoft.public.windows.server.sbs)
  • Re: Install 3 times (triple crown)
    ... [switch (could be built into router)] ... In the above example, the gateway router lan side is on the 192.168.0.x network, as are the wan nics of the SBS boxes. ... built 4 SBS servers with one installation and launched,> which are ...
    (microsoft.public.windows.server.sbs)
  • Re: Install 3 times (triple crown)
    ... Build the customer SBS box enabling both nics ... network, as are the wan nics of the SBS boxes. ... how far can you go with the installation? ...
    (microsoft.public.windows.server.sbs)