Allowing Access by Using NTFS

After a user logs on, Windows NT Server associates the user with a set of credentials. These credentials are used to create the user's Security Context. The Security Context defines the user's logon mode. The logon mode then determines how NTFS allows the user access to files. Windows NT Server supplies a special user account that corresponds to each Internet service.

Table 1.3 lists the default authentication methods and logon modes and their corresponding Windows NT Server user accounts.

Table 1.3 Services, Authentication, Logon Mode, and Accounts


Service

Authentication Method

Default
Logon Mode

Windows NT User Account

WWW

None (Anonymous)

Local

WWW anonymous account
(typically IUSR_computername)

WWW

HTTP Basic

Local

Specified by Web user

WWW

Windows NT Server challenge / response

Always network

Specified by Web user

WWW

Windows NT Server challenge / response
(as a Guest account)

Local

WWW anonymous account
if Guest access is enabled (typically IUSR_computername)

FTP

Anonymous

Local
(Change to network recommended)*

FTP anonymous account
(typically IUSR_computername)

FTP

FTP
user name / password

Local
(Change to network recommended)*

Specified by FTP user

Gopher

None (always Anonymous)

Local
(Change to network recommended)*

FTP anonymous account
(typically IUSR_computername)


* Preferred because Windows NT Server accepts cryptographic validation.

In the local and batch logon modes, Windows NT Server requires the user's actual password, except for anonymous accounts. In the network logon mode, Windows NT Server accepts cryptographic validation. To make sure that users with local and batch logon modes are configured correctly, you can create a new user group, such as Web Users, and grant the local and batch rights to that group.