Security

Previous Topic Next Topic

Troubleshooting Permissions

As you can see, access to resources such as files and databases can be a complex issue when you are securing your Web server. Site administrators often work blindly when trying to troubleshoot access problems. Monitoring how the server is being used is a good place to start, which requires you to set up auditing.

The following outlines how to set up auditing and logging for troubleshooting.

To set up auditing for user logons and file access

  1. Open the Global Policy Editor for the computer or domain in question.
  2. Go to Computer Configuration, Windows Settings, Security Settings, Local Policies and then Audit Policy.
  3. Set Audit successful attempts and Audit failed attempts to Yes under the Audit Logon Events category.
  4. Set Audit failed attempts to Yes under the Audit Object Access category.

To choose the file to audit

  1. Open Windows Explorer.
  2. Select the file or folder that you want to audit.
  3. Right-click the file or folder and select Properties.
  4. Click the Security tab and the Advanced button, and then click the Auditing button.
  5. Click the Add button.
  6. Select Everyone, click Add, and then click OK.
  7. Select Successful and Failed for the following:
  8. Click OK.

Much of this process is shown in the following figure.

Auditing Access to a Single File

To enable Web Logging

  1. Open the Computer Management administration tool.
  2. Click Server Applications and Services to expand it and click IIS 5.0 to do the same.
  3. Select the Web server in question.
  4. Right-click on the Web site and select Properties.
  5. Select Enable Logging.
  6. Click the Properties button.
  7. Click the Extended Properties tab.
  8. Select (at least) the following: Date, Time, Client IP Address, User Name, Method, HTTP status, and Win32 status.
  9. Click OK to exit the logging properties.
  10. Click OK to exit the Web site properties.
  11. Now that basic auditing is in place, clear any cached logon information (remember, for performance purposes IIS 5.0 can cache logon information) by typing the following at the command prompt:

    NET STOP IISADMIN /Y   This stops all IIS 5.0 services.

    NET START W3SVC   This starts the Web service, if installed.

    NET START MSFTPSVC   This starts the File Transfer Protocol (FTP) service, if installed.

    NET START NNTPSVC   This starts the Network News Transfer Protocol (NNTP) service, if installed.

    NET START SMTPSVC   This starts the Simple Mail Transfer Protocol (SMTP) service, if installed.

  12. Open the Event Viewer.
  13. Clear the Security log by right-clicking the Security log and selecting Clear all events.

See the following:


© 1997-1999 Microsoft Corporation. All rights reserved.