NetResults ProblemTracker
Applying Security Using IIS 4.0 & NT Personal Web Server

Overview

Internet Information Server 4.0 & NT Personal Web Server use the native security features of the NTFS file system and Windows NT user administration to provide security for web pages. To password-protect ProblemTracker on either of these web servers, you must install it on an NTFS file system.

Instructions

  1. Enable Password Protection
    • Start the Internet Service Manager

      NT Workstation
      Start->Programs->Windows NT 4.0 Option Pack->Microsoft Personal Web Server->Internet Service Manager

      NT Server
      Start->Programs->Windows NT 4.0 Option Pack->Microsoft Internet Information Server->Internet Service Manager

    • Select Default Web Site or a Web Site of your choice
    • Double click on the content directory folder (ptdev or ptweb) in the left window pane. The files included in the ptdev or ptweb folders are displayed in the right window pane.
    • For each file or folder that you would like to password protect, repeat the following steps:
      • Right click on the file or directory. A pull down menu appears. Select Properties.
      • Select the File Security (or Directory Security) tab.
      • Press the Edit... button in the Anonymous Access and Authentication Control section.
      • Deselect Allow Anonymous Access.
      • Select Basic Authentication. A warning dialog box will pop up, because Basic Authentication sends the user name and password over the network without encryption. Press Yes. Press the Edit... button for Basic Authentication.
      • An input dialog for Basic Authentication Domain will pop up. Select the appropriate domain for your Web Server. In most cases it should be the local domain. If so, select Use Default and press OK.
      • Press OK in the Authentication Method dialog box.
      • Press Apply and then OK in the Properties dialog box.

  2. Define Windows NT Users
    • Start the NT User Manager

      NT Workstation
      Start->Programs->Administrative Tools->User Manager

      NT Server
      Start->Programs->Administrative Tools->User Manager for Domains

    • You should see the default user you added to allow anonymous access to the web server (IUSR_HostName, where HostName is the name of your machine). Select the "User->New User" menu command.
    • Enter the user name you'd like to use to limit access to ProblemTracker (for example, an Administrator named "ptadmin") and a password. Uncheck all the check boxes except for the one labeled "Password Never Expires", and press the Groups button.
    • In the Group Memberships dialog, select the desired group from the right list and press the "<-Add" button. Repeat until all of the desired groups appear in the "Member of:" list. In general only the Guests and Users groups are necessary.
    • Then press OK, and OK again, and finally use the "User->Exit" command to exit the User Manager.

  3. Set File Security on Windows NT
    • Start the Windows NT Explorer
    • Select the directory where ProblemTracker is installed, either ptdev or ptweb.
    • In the right pane of the Explorer, select the directory or file(s) you would like to limit access to. You can select multiple items by holding down the Control key as you click on files.
    • With the files highlighted, select the "File->Properties" menu, click on the Security tab of the dialog, and press the Permissions button.
    • The File Permissions dialog is displayed. By default it has the value "Everyone Full Control(All)". Delete this row, and any others that grant access to anyone you do not wish to have access to the selected directory or files. If you do not wish for an individual to see a web page, make sure the user does not have Read (R) permissions for the file or directory.
    • Press the Add... button to display the Add Users and Groups dialog. Under "List Names From:" select your Windows NT domain and click on the Show Users button. Now add any particular user you would like to give access to the selected directory or files by selecting their name, pressing the "Add" button, selecting the access type, and pressing OK. Repeat this process for any other users.
    • Back on the File Permissions dialog, press the Add... button to display the Add Users and Groups dialog. Under "List Names From:" select your machine (\\HostName*, where HostName is the name of your machine), and click on the Show Users button. Now add any users you defined earlier (e.g. ptadmin) by selecting the name, pressing the "Add" button, selecting the appropriate access and pressing OK.
    • Press the OK button, and the OK button again.
    • Refer to the table in the Web Server Security Overview section to determine which content directories and program files you would like to protect based upon function. Then repeat the process described here for each.
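
To check the result of step 3, the listing printed by the Windows `cacls` command for a protected file or directory can be scanned for accounts that still have read access. The script below is an added example, not part of ProblemTracker or its documentation. The path `C:\ptweb`, the host name HOSTNAME and the sample listing are constructed, and the script assumes the standard `cacls` line format of `ACCOUNT:(flags)PERMISSION`.

```python
import re

# One entry as printed by `cacls <path>`, e.g. Everyone:(OI)(CI)F
ACE_RE = re.compile(
    r"^(?P<account>[^:]+):(?P<flags>(?:\([A-Z]{2}\))*)(?P<perm>[NRCWF])$")
READ_CAPABLE = {"R", "C", "F"}  # Read, Change and Full Control all include read

def parse_cacls(path, output):
    """Return (aces, unparsed) for the cacls listing of one file or directory."""
    aces, unparsed = [], []
    for line in output.splitlines():
        text = line.strip()
        if text.lower().startswith(path.lower()):
            text = text[len(path):].strip()  # the first line carries the path
        if not text:
            continue
        m = ACE_RE.match(text)
        if m:
            aces.append((m["account"], m["perm"]))
        else:
            unparsed.append(text)  # e.g. special-access entries: review by hand
    return aces, unparsed

def unexpected_readers(aces, allowed):
    """Accounts that can read the item but are not in the allowed set."""
    allowed = {name.lower() for name in allowed}
    return [acct for acct, perm in aces
            if perm in READ_CAPABLE
            and acct.split("\\")[-1].lower() not in allowed]

# Constructed sample: the Everyone row and the anonymous web account
# (IUSR_HostName) were left in place next to the ptadmin user from step 2.
SAMPLE_PATH = r"C:\ptweb"
SAMPLE_OUTPUT = r"""C:\ptweb Everyone:(OI)(CI)F
         HOSTNAME\ptadmin:(OI)(CI)R
         HOSTNAME\IUSR_HOSTNAME:(OI)(CI)R
"""

if __name__ == "__main__":
    aces, unparsed = parse_cacls(SAMPLE_PATH, SAMPLE_OUTPUT)
    for acct in unexpected_readers(aces, {"ptadmin"}):
        print("still readable by:", acct)
    for text in unparsed:
        print("review by hand:", text)
```

Entries the script cannot parse are returned separately rather than ignored, so a listing is not reported clean when it contains a form the script does not understand.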