Help setting permissions for IIs site access for domain groupsRSS

1 reply

Last post Mar 04, 2020 03:25 AM by Jalpa Panchal

  • Help setting permissions for IIs site access for domain groups

    Mar 03, 2020 10:02 PM|acenyc|LINK

    I have a test network that I am using for my certifications. I have a domain controller and a member server with IIS configured connected to the domain. The IIs version is 8.5 9600. I have two IIS sites configured in IIS. One site is called intranet and the other site is called finance. I have tried to configure the finance site so only members of the finance group can access the finance IIS site. 

    If a user that is not in the finance group opens the shortcut that deploys the intranet site, and manually types the address of the finance site, they can access the finance site. I think my permissions are not configured properly. I just began learning IIS and I am seeking assistance troubleshooting this problem. Any help would be appreciated.

    Thank you.

    I wanted  to add screenshots of my configuration but I don't know how to add them on this forum.

  • Re: Help setting permissions for IIs site access for domain groups

    Mar 04, 2020 03:25 AM|Jalpa Panchal|LINK

    Hi,

    You could restrict ad users by adding below rule in web.config file:

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
        <system.webServer>
            ...
            <security>
                <authorization>
                    <remove users="*" roles="" verbs="" />
                    <add accessType="Allow" roles="myDomain\myGroup01" />
                    <add accessType="Deny" roles="myDomain\myGroup02" />
                    <add accessType="Deny" users="*" />
                </authorization>
            </security>
        </system.webServer>
    </configuration>

    make sure you set authentication in iis:

    Enable: Windows Authentication
    Disable: Anonymous Authentication

    You could not attach the file in a post but you could paste your config code in a post.

    Regards,

    Jalpa

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue.
    If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.