No announcement yet.

Windows Security Question

This topic is closed.
  • Filter
  • Time
  • Show
Clear All
new posts

  • Windows Security Question

    I've got an issue with Windows Server 2008 I need some help with. I've got a server at work running WS2008 - it is not in the corporate domain. Domain users access data on this server through a client application.

    I am having trouble connecting through this client app because Windows security blocks the user (I can see it in the event logs). This is easy to get around by adding a local user with the same name as the domain user (I did this as a temporary measure just for me). I would really hope there is a better solution - can the authentication somehow be passed through to the domain? I browsed the local security policy tools, but I couldn't make it work.

    Assume that this server can not be added to the domain...


  • #2
    What kind of client/server app is? Web-based thru IIS? Or something else entirely?

    If it uses IIS, you can set up it up to allow "anonymous" access and you can set a specific user that IIS uses when users hit it without authentication. If you do this, hopefully there's security/authentication built into the application itself.

    If it's something else, it must be some mechanism that relies on Windows' security systems. You might have to enable the Guest account on the server to allow unauthenticated users access. Check the documentation for the application itself.

    Is there a reason you can't get that server added to the domain?


    • #3
      It is not a web based application as does not use IIS so far as I know. The server uses either Kerberos or NTLM to authenticate before passing to the server side of the app (which also has security).

      If the server stays in a Worksgroup, I believe I am stuck having to mirror the users (and passwords, unfortunately). The next best thing is to maybe create a new domain just for the server and then setup a trust to our corporate domain.

      The reasoning behind it not being on the domain is so 1) our normal IT updates don't get pushed out automatically, which could impact the server on my end in a negative way (has to do with the software running on it) and 2) my IT group felt better about keeping it local down here.


      • #4
        I would go with the trust thing, that was going to be my next suggestion.


        • #5
          1) It should be on the domain so it can be managed by anyone that needs to from anywhere on the network.
          2) create it's own OU and put it in there so that it does not get updates (well none that you want). That way it is safe from unwanted updates.
          3) Then you can use any of the users & groups with whatever permissions you need and there are no local accounts created and needing to be managed.

          if you want more help I can help you figure out anything you'd need to do with it.
          Digital Audio makes me Happy.


          Searching...Please wait.
          An unexpected error was returned: 'Your submission could not be processed because you have logged in since the previous page was loaded.

          Please push the back button and reload the previous window.'
          An unexpected error was returned: 'Your submission could not be processed because the token has expired.

          Please push the back button and reload the previous window.'
          An internal error has occurred and the module cannot be displayed.
          There are no results that meet this criteria.
          Search Result for "|||"