Funky issue with IIS during one of my exercises

I have a user that SHOULD have access to a web page, but cannot connect. The web page is configured for Integrated Windows Authentication..

Simple enough so far.

His UN/PW combo does not work, and after three tries, it kicks him to an error page, saying that the account cannot connect because of the IIS server configuration.

I check the the NTFS permissions on the folder and file the account is connecting to, and he is a member of a group that is explicitly denied full control. Cool.. I got this.

I take him out of the group. Still does not work.

I compare his group memberships to another user that can currently access the page. THis account has same memberships now.

I explicitly give him read access.. Still no workie.

I check the effective permissions..Says he has read/execute access on this file and folder..

I scratch my head a while.

I COPY his account. New account works fine.

HUH???

The way I see it, only an explicit deny on the folder or file will exhibit this symptom, but I already checked the effective permissions, and I checked to make sure there was no share permissions interfering.

I change the account password.. Works fine now. I change it back...Still works fine.

Am I missing something here? Or did the SID get jacked, and something in it got "fixed" when I reset the password?

I am so cornfused.

Russ

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

dynamik

Did his account get locked out by chance? I'm not sure if resetting his password would unlock it; maybe the lockout duration expired around the same time you did that.

pogue

dynamik wrote: »

Did his account get locked out by chance? I'm not sure if resetting his password would unlock it; maybe the lockout duration expired around the same time you did that.

Ayup..I think it was that..Thanks...

Uggghhh..I really am rusty.

Russ