Security

User Access Control

There are five criteria for a successful logon:

• Valid user name and password supplied
• Windows account restrictions, such as time of day allowed to log on
• Account is not disabled or locked out
• Account password has not expired
• The applicable logon policy (for example, Log on locally or Access this computer from the Network)

By default, on a server running Windows, ordinary users (in other words, those who don’t belong to the Administrator group) do not have the Log on locally user right. If FTP or WWW Basic Authentication is used, IIS 5.0 attempts to log on the user as a local user by default.

© 1997-1999 Microsoft Corporation. All rights reserved.