→ 🚀What's New? Join Us for the Fall Product Launch! Register Now !

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
dodgal
Engaged Sweeper
Hi,

I want to restrict access to the Web Console to a domain user group.

I followed the steps outlined in Lansweepers Knowledge base article "How to restrict access to the Lansweeper Website". It doesn't work for me. I changed the allowed roles to = BUILTIN\Administrators and I made my domain user group members of the administrators group on my Lansweeper server - this doesn't work either.

I am attaching my web config file and my ASP.NET Authorisation configuration for info. Is there anywhere else I should be looking? Or have I missed something? Anonymous access is disabled and windows authentication is enabled

Thanks in advance

Sorry - I can't upload my web.config file so I've copied it below. Neither can I send the screenshot of the ASP.Net config - file to big to upload.

Web.config file
configuration>
<appSettings>
<add key="MM_CONNECTION_HANDLER_Lansweeper" value="sqlserver.htm"/>
<add key="MM_CONNECTION_STRING_Lansweeper" value="Persist Security Info=False;Data Source=LANSWEEPER\SQLEXPRESS;Initial Catalog=Lansweeper32;User ID=lssqluser32;Password=mysecretpassword0*"/>
<add key="MM_CONNECTION_DATABASETYPE_Lansweeper" value="SQLServer"/>
<add key="MM_CONNECTION_SCHEMA_Lansweeper" value=""/>
<add key="MM_CONNECTION_CATALOG_Lansweeper" value=""/>
<add key="dateformat" value="dd/MM/yyyy"/>
</appSettings>
<system.web>
<identity impersonate="true"/>
<authentication mode="Windows" />
<authorization>
<deny users="?" />
<allow roles="BUILTIN\administrators" />
<deny users="*" />
</authorization>
<compilation debug="false" strict="false" explicit="true">
<assemblies>
<add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" type="System.Web.Script.Services.ScriptHandlerFactory" validate="false"/>
<add verb="*" path="*_AppService.axd" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</httpModules>
</system.web>
</configuration>



11 REPLIES 11
dodgal
Engaged Sweeper
Sorry for the delay in getting back to you. I have resolved the issue , and the original workaround in the knowledge base article worked thanks for your assistance
Hemoco
Lansweeper Alumni
Screenshots look ok.
Could you post your updated web.config file please.
dodgal
Engaged Sweeper
Lansweeper is installed on a Windows Server 2003 Standard Edition SP2. Attached is screenshots as requested
Hemoco
Lansweeper Alumni
Which version of windows are you using, could you post a screenshot please.
dodgal
Engaged Sweeper
Virtual Website > Properties > Directory Security TAB > Authentication Access Control - Anonymous Disabled, Authenticated Access - Integrated Windows is on.

Virtual Website > Properties > ASP.NET TAB > Configuration > Authentication TAB > Authentication Mode is set to Windows.
Hemoco
Lansweeper Alumni
at the top "anonymous access" should be disabled.
At the bottom, "integrated windows authentication" should be enabled.
dodgal
Engaged Sweeper
It is set to Windows - is that the same?
Hemoco
Lansweeper Alumni
On IIS did you change to integrated authentication?
dodgal
Engaged Sweeper
I don't know if this has any impact, but the lansweeper website is actually a virtual directory and I have noticed that in IIS, on the ASP.NET tab, Edit Configuration button, on the Authorization tab, it has inherited authorisation rules is set to Allow *.