NetResults ProblemTracker
Applying Security Using IIS 5.0 (Windows 2000 Server)

Overview

Microsoft Internet Information Services (IIS) 5.0 bundled with Microsoft Windows 2000 Server uses Active Directory, ADSI, and Directory Services to set/read permissions to provide security for the web pages. IIS 5.0 uses the native security features of the NTFS file system and Active Directory Users and Computers (or Computer Management Console) to provide security for web pages. In order to password protect ProblemTracker on this web server you must install it on an NTFS file system. Microsoft Windows 2000 provides tightly integrated and flexible security. Thus the security permissions on the Windows 2000 directories are very restrictive by default.

Instructions

The following instructions assume a workgroup named ptdev is installed. For your workgroup, substitute your workgroup name for "ptdev" in the steps below.

  1. Enable Password Protection
    • Start the Internet Services Manager ( Start->Programs->Administrative Tools->Internet Services Manager )
    • Double click on the computer/domain name under the folder "Internet Information Services"
    • Select the Default Web Site or a Web Site in which the ProblemTracker virtual directories (e.g. ptdev) are created.
    • Double click on the content directory folder (ptdev) in the left window pane. The files included in the ptdev folders are displayed in the right window pane.
    • For each file or folder that you would like to password protect, repeat the following steps:
      • Right click on the file or directory. A pull down menu appears. Select Properties.
      • Select the File Security (or Directory Security) tab.
      • Press the Edit... button in the Anonymous Access and Authentication Control.
      • Unselect Allow Anonymous Access.
      • Select Basic Authentication. A warning dialog box will pop up. Press Yes. Press the Edit... button for Basic Authentication.
      • An input dialog for Basic Authentication Domain will pop up. Select the appropriate domain for your web Server. In most cases it should be the local domain. If so, select Use Default and press OK.
      • Press Ok in the Authentication Method dialog box.
      • Press Apply and then OK in the Properties dialog box.

  2. Set File/Directory Security on Windows 2000 Server
    • Start the Windows 2000 Explorer ( Start->Programs->Accessories->Windows Explorer )
    • Select the directory where ProblemTracker is installed, e.g. ptdev.
    • In the right pane of the Explorer, select the directory or file(s) you would like to limit access to. You can select multiple items by holding down the Control key as you click on files.
    • With the files or the directory highlighted, select the "File->Properties" menu or right click and choose Properties menu, and click on the Security tab of the dialog.
    • By default "PUSR4<HOSTNAME>" where <HOSTNAME> is the TCP/IP name of the server where ProblemTracker is installed will have all the check boxes checked (and grayed) under the column "Allow" and none checked under the column "Deny".
    • Delete the default permission for "PUSR4<HOSTNAME>" and any others that grant access to anyone you do not wish to have access to the selected directory or files, by selecting those users and clicking the "Remove" button. If you do not wish for an individual to see a web page, make sure the user does not have Read checkbox checked under the column "Allow" (or if the Read checkbox is checked and grayed then check the Read checkbox under the column "Deny") for the file or directory.
    • Press the "Add..." button to display the "Select Users, Computers and Groups" dialog. Under "Look In:" select your Windows 2000 domain name. Now add any particular user/group (for example "Administrator" you would like to give access the selected directory or files by selecting their names (press Ctrl to select multiple users/groups), and pressing the "Add" button. The users/groups will be listed in the list below. Now click "OK" to close this dialog. The users/groups chosen will get added to the list. You can grant/deny permissions for each user/group by checking/unchecking the checkboxes under the columns "Allow" and "Deny".
    • Refer to the table in the Web Server Security Overview section to determine which content directories and program files you would like to protect based upon function. Then repeat the process described here for each of the directory.

    WMS Operations that can impact your Custom Security Settings

    The Repair, Move, and Upgrade operations that can be performed in the Workgroup Management System can reset the customized security you have applied to the locations listed in the table above. Before you use the Repair, Move, or Upgrade operations, it is recommended that you take note of the security scheme you have applied, then re-apply these changes after using one of those operations.

    For more information on the WMS operations, please refer to the following sections in the WMS Help Guide:

    Repairing a Workgroup
    Moving a Workgroup
    Upgrading a Version 3 Workgroup
    Upgrading a Version 4 or 5 Workgroup