Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-10-2009 03:13 PM
Hi,
I want to restrict access to the Web Console to a domain user group.
I followed the steps outlined in Lansweepers Knowledge base article "How to restrict access to the Lansweeper Website". It doesn't work for me. I changed the allowed roles to = BUILTIN\Administrators and I made my domain user group members of the administrators group on my Lansweeper server - this doesn't work either.
I am attaching my web config file and my ASP.NET Authorisation configuration for info. Is there anywhere else I should be looking? Or have I missed something? Anonymous access is disabled and windows authentication is enabled
Thanks in advance
Sorry - I can't upload my web.config file so I've copied it below. Neither can I send the screenshot of the ASP.Net config - file to big to upload.
Web.config file
configuration>
<appSettings>
<add key="MM_CONNECTION_HANDLER_Lansweeper" value="sqlserver.htm"/>
<add key="MM_CONNECTION_STRING_Lansweeper" value="Persist Security Info=False;Data Source=LANSWEEPER\SQLEXPRESS;Initial Catalog=Lansweeper32;User ID=lssqluser32;Password=mysecretpassword0*"/>
<add key="MM_CONNECTION_DATABASETYPE_Lansweeper" value="SQLServer"/>
<add key="MM_CONNECTION_SCHEMA_Lansweeper" value=""/>
<add key="MM_CONNECTION_CATALOG_Lansweeper" value=""/>
<add key="dateformat" value="dd/MM/yyyy"/>
</appSettings>
<system.web>
<identity impersonate="true"/>
<authentication mode="Windows" />
<authorization>
<deny users="?" />
<allow roles="BUILTIN\administrators" />
<deny users="*" />
</authorization>
<compilation debug="false" strict="false" explicit="true">
<assemblies>
<add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" type="System.Web.Script.Services.ScriptHandlerFactory" validate="false"/>
<add verb="*" path="*_AppService.axd" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</httpModules>
</system.web>
</configuration>
I want to restrict access to the Web Console to a domain user group.
I followed the steps outlined in Lansweepers Knowledge base article "How to restrict access to the Lansweeper Website". It doesn't work for me. I changed the allowed roles to = BUILTIN\Administrators and I made my domain user group members of the administrators group on my Lansweeper server - this doesn't work either.
I am attaching my web config file and my ASP.NET Authorisation configuration for info. Is there anywhere else I should be looking? Or have I missed something? Anonymous access is disabled and windows authentication is enabled
Thanks in advance
Sorry - I can't upload my web.config file so I've copied it below. Neither can I send the screenshot of the ASP.Net config - file to big to upload.
Web.config file
configuration>
<appSettings>
<add key="MM_CONNECTION_HANDLER_Lansweeper" value="sqlserver.htm"/>
<add key="MM_CONNECTION_STRING_Lansweeper" value="Persist Security Info=False;Data Source=LANSWEEPER\SQLEXPRESS;Initial Catalog=Lansweeper32;User ID=lssqluser32;Password=mysecretpassword0*"/>
<add key="MM_CONNECTION_DATABASETYPE_Lansweeper" value="SQLServer"/>
<add key="MM_CONNECTION_SCHEMA_Lansweeper" value=""/>
<add key="MM_CONNECTION_CATALOG_Lansweeper" value=""/>
<add key="dateformat" value="dd/MM/yyyy"/>
</appSettings>
<system.web>
<identity impersonate="true"/>
<authentication mode="Windows" />
<authorization>
<deny users="?" />
<allow roles="BUILTIN\administrators" />
<deny users="*" />
</authorization>
<compilation debug="false" strict="false" explicit="true">
<assemblies>
<add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" type="System.Web.Script.Services.ScriptHandlerFactory" validate="false"/>
<add verb="*" path="*_AppService.axd" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</httpModules>
</system.web>
</configuration>
Labels:
- Labels:
-
Archive
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-10-2009 03:38 PM
Thanks so much for the quick response!
I just tried your suggestion and all that has achieved is to deny access to the web console when you browse from the lansweeper server, but any domain user even those not members of the Admin group on the Lansweeper Server can still browse to the Web Console from their own pc's.
I just tried your suggestion and all that has achieved is to deny access to the web console when you browse from the lansweeper server, but any domain user even those not members of the Admin group on the Lansweeper Server can still browse to the Web Console from their own pc's.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-10-2009 03:25 PM
You need to change this to "DOMAINNAME\administrators" for the domain group or "COMPUTERNAME\administrators" for the local administrator group
