NetResults ProblemTracker
Applying Security Using IIS 4.0 & NT Personal Web Server

Overview

NOTE: Microsoft intends to discontinue support of the Windows NT 4.0 platform as of January 1, 2004. As such, it is not recommended that you use Windows NT 4.0 for any new installations of ProblemTracker. More information on this change is available on the Microsoft NT Server web site.

Internet Information Server 4.0 & NT Personal Web Server use the native security features of the NTFS file system and Windows NT user administration to provide security for web pages. In order to password protect ProblemTracker on any of these web servers you must install it on an NTFS file system.

Instructions

The following instructions assume a workgroup named pteval is installed. For your workgroup, substitute your workgroup name for "pteval" in the steps below.

Enable Authentication

  1. Start the Internet Service Manager

    NT Workstation
    Start->Programs->Windows NT 4.0 Option Pack->Microsoft Personal Web Server->Internet Service Manager

    NT Server
    Start->Programs->Windows NT 4.0 Option Pack->Microsoft Internet Information Server->Internet Service Manager

  2. Select Default Web Site or a Web Site of your choice
  3. Double click on the content directory folder (pteval) in the left window pane. The files included in the pteval folders are displayed in the right window pane.
  4. For each file or folder that you would like to password protect, repeat the following steps:
    1. Right click on the file or directory. A pull down menu appears. Select Properties.
    2. Select the File Security (or Directory Security) tab.
    3. Press the Edit... button in the Anonymous Access and Authentication Control section.
    4. Unselect Allow Anonymous Access.
    5. Select Basic Authentication. A warning dialog box will pop up, noting that Basic Authentication transmits passwords over the network without data encryption. Press Yes. Press the Edit... button for Basic Authentication.
    6. An input dialog for Basic Authentication Domain will pop up. Select the appropriate domain for your Web Server. In most cases it should be the local domain. If so, select Use Default and press OK.
    7. If desired, select Integrated Windows authentication (Note: this method of authentication is only supported by Internet Explorer).
    8. Press OK in the Authentication Method dialog box.
    9. Press Apply and then OK in the Properties dialog box.

Set File Security on Windows NT

The following procedure provides the steps for setting the file permissions for use with Basic and Integrated Windows Authentication.

  1. Refer to the Default Security table in the Web Server Security Overview section for the permissions required for users to access ProblemTracker. Grant all users who need to access ProblemTracker workgroups (e.g. "pteval") the permissions listed in the table for the user "PUSR4HOSTNAME". Grant all users who need to access the Workgroup Management System (WMS) the permissions listed in the table for "Administrators" (or, instead of granting specific permissions, simply add these users to the local Administrators user group on the machine where ProblemTracker is installed). Without these required permissions, users may encounter errors when trying to use ProblemTracker or the Workgroup Management System with Basic and/or Integrated Windows authentication enabled. To grant these permissions, use the sub-steps below:
    1. Start the Windows NT Explorer
    2. Select the directory referenced in the Default Security table
    3. In the right pane of the Explorer, select the directory or file(s) you would like to limit access to. You can select multiple items by holding down the Ctrl key on your keyboard as you click on files.
    4. With the files highlighted, select the File -> Properties menu, click on the Security tab of the dialog, and press the Permissions button.
    5. The File Permissions dialog is displayed. By default it has the value "PUSR4<HOSTNAME> Modify" where <HOSTNAME> is the TCP/IP name of the machine where ProblemTracker is installed. Delete this row, and any others that grant access to anyone you do not wish to have access to the selected directory or files. If you do not wish for an individual to see a web page, make sure the user does not have Read (R) permissions for the file or directory.
    6. Press the Add... button to display the Add Users and Groups dialog. Under "List Names From:" select your Windows NT domain and click on the Show Users button. Now add any particular user you would like to give access to the selected directory or files by selecting their name, pressing the Add button, selecting the access type, and pressing OK. Repeat this process for any other users.
    7. Back on the File Permissions dialog, press the Add... button to display the Add Users and Groups dialog. Under List Names From: select your machine (\\HostName*, where HostName is the name of your machine), and click on the Show Users button. Now add any users you defined earlier (e.g. Administrator) by selecting the name, pressing the Add button, selecting the appropriate access and pressing OK.
    8. Press the OK button, and the OK button again.
  2. Refer to the ProblemTracker Organization table in the Web Server Security Overview section to determine which content directories and program files you would like to protect based upon function. To grant these permissions, use the sub-steps below:
    1. Start the Windows NT Explorer
    2. Select the directory referenced in the ProblemTracker Organization table
    3. In the right pane of the Explorer, select the directory or file(s) you would like to limit access to. You can select multiple items by holding down the Ctrl key on your keyboard as you click on files.
    4. With the files highlighted, select the File -> Properties menu, click on the Security tab of the dialog, and press the Permissions button.
    5. The File Permissions dialog is displayed. By default it has the value "PUSR4<HOSTNAME> Modify" where <HOSTNAME> is the TCP/IP name of the machine where ProblemTracker is installed. Delete this row, and any others that grant access to anyone you do not wish to have access to the selected directory or files. If you do not wish for an individual to see a web page, make sure the user does not have Read (R) permissions for the file or directory.
    6. Press the Add... button to display the Add Users and Groups dialog. Under "List Names From:" select your Windows NT domain and click on the Show Users button. Now add any particular user you would like to give access to the selected directory or files by selecting their name, pressing the Add button, selecting the access type, and pressing OK. Repeat this process for any other users.
    7. Back on the File Permissions dialog, press the Add... button to display the Add Users and Groups dialog. Under List Names From: select your machine (\\HostName*, where HostName is the name of your machine), and click on the Show Users button. Now add any users you defined earlier (e.g. Administrator) by selecting the name, pressing the Add button, selecting the appropriate access and pressing OK.
    8. Press the OK button, and the OK button again.

WMS Operations that can impact your Custom Security Settings

The Repair, Move, and Upgrade operations that can be performed in the Workgroup Management System can reset the customized security you have applied to the locations listed in the table above. Before you use the Repair, Move, or Upgrade operations, it is recommended that you take note of the security scheme you have applied, then re-apply these changes after using one of those operations.
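
One way to make the "take note, then re-apply" advice checkable is to compare two saved listings from the Windows cacls command, one taken before and one after a Repair, Move, or Upgrade. This is an added example, not part of ProblemTracker or its documentation. The paths, the host name PTHOST and the account names are constructed, and the parser assumes one-letter access entries and paths without spaces.

```python
import re

# Constructed sample: saved `cacls` listings taken before and after a WMS Repair.
# Paths, host PTHOST and account names are hypothetical; C = Change, F = Full, R = Read.
BEFORE = r"""
C:\pt\pteval\login.asp BUILTIN\Administrators:F
                       PTHOST\jsmith:R
C:\pt\pteval\admin.asp BUILTIN\Administrators:F
"""
AFTER = r"""
C:\pt\pteval\login.asp BUILTIN\Administrators:F
                       PTHOST\jsmith:R
                       PTHOST\PUSR4PTHOST:C
C:\pt\pteval\admin.asp BUILTIN\Administrators:F
                       PTHOST\PUSR4PTHOST:C
"""
# One entry per line: trustee, optional inheritance flags such as (OI)(CI), access letter.
ACE = re.compile(r"^(?P<who>.+):(?P<flags>(?:\([A-Z]+\))*)(?P<perm>[A-Z])$")

def parse_cacls(text):
    """Return {path: {trustee: access}}; assumes paths contain no spaces."""
    acls, path = {}, None
    for line in filter(str.strip, text.splitlines()):   # skip blank lines
        if not line[0].isspace():              # unindented line starts a new path
            path, _, line = line.partition(" ")
            acls[path] = {}
        m = ACE.match(line.strip())
        if m and path:
            acls[path][m["who"].lower()] = m["flags"] + m["perm"]
    return acls

def acl_drift(before, after):
    """List (path, trustee, old, new) for each entry that changed, appeared or vanished."""
    drift = []
    for path in sorted(set(before) | set(after)):
        old, new = before.get(path, {}), after.get(path, {})
        for who in sorted(set(old) | set(new)):
            if old.get(who) != new.get(who):
                drift.append((path, who, old.get(who), new.get(who)))
    return drift

def regranted(drift, account):
    """Paths where a previously removed account (e.g. PUSR4<HOSTNAME>) has access again."""
    return [p for p, who, old, new in drift
            if who.split("\\")[-1] == account.lower() and old is None and new]

if __name__ == "__main__":
    changes = acl_drift(parse_cacls(BEFORE), parse_cacls(AFTER))
    print("re-apply custom permissions on:", regranted(changes, "PUSR4PTHOST"))
```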

For more information on the WMS operations, please refer to the following sections in the WMS Help Guide:

Repairing a Workgroup
Moving a Workgroup
Upgrading a Version 3 Workgroup
Upgrading a Version 4 or 5 Workgroup