How to Configure Windows Authentication on Windows Vista / 7 Premium

GMz

Step 1: Turn ON All Windows Features at Programs and Features in Control Panel:
---------------------------------------------------------------------------------------

Or at Least Those related with Internet Information Services,
in alternative run the following command

start /w pkgmgr 
/iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IIS-StaticContent;IIS-DefaultDocument;IIS-DirectoryBrowsing;IIS-HttpErrors;IIS-HttpRedirect;IIS-ApplicationDevelopment;IIS-ASPNET;IIS-NetFxExtensibility;IIS-ASP;IIS-CGI;IIS-ISAPIExtensions;IIS-ISAPIFilter;IIS-ServerSideIncludes;IIS-HealthAndDiagnostics;IIS-HttpLogging;IIS-LoggingLibraries;IIS-RequestMonitor;IIS-HttpTracing;IIS-CustomLogging;IIS-Security;IIS-BasicAuthentication;IIS-URLAuthorization;IIS-RequestFiltering;IIS-IPSecurity;IIS-Performance;IIS-HttpCompressionStatic;IIS-HttpCompressionDynamic;IIS-WebServerManagementTools;IIS-ManagementConsole;IIS-ManagementScriptingTools;IIS-ManagementService;IIS-IIS6ManagementCompatibility;IIS-Metabase;IIS-WMICompatibility;IIS-LegacyScripts;IIS-LegacySnapIn;WAS-WindowsActivationService;WAS-ProcessModel;WAS-NetFxEnvironment;WAS-ConfigurationAPI

Step 2: Check for available files:
---------------------------------------------------------------------------------------

(The Basic Authentication is available here to guidance, 
if file don't exist you must get it from another version of vista)

- Basic Authentication  (needs C:\Windows\System32\inetsrv\authbas.dll)
- Windows Authentication (needs C:\Windows\System32\inetsrv\authsspi.dll)
- Digest Authentication (needs C:\Windows\System32\inetsrv\authmd5.dll)
- IISCertificateMapping Authentication (needs C:\Windows\System32\inetsrv\authmap.dll)
- CertificateMapping Authentication (needs C:\Windows\System32\inetsrv\authcert.dll)

Step 3: Enable Registry Entries for:
---------------------------------------------------------------------------------------

Check if exists and change or create the keys:

(You must take ownership of this key as administrators group and give it full permissions, 
at the end restore the ownership to NT SERVICE\TrustedInstaller and the permissions changed)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp\Components]
"BasicAuthenticationBinaries"=dword:00000001
"BasicAuthentication"=dword:00000001
"WindowsAuthenticationBinaries"=dword:00000001
"WindowsAuthentication"=dword:00000001
"DigestAuthentication"=dword:00000001
"IISCertificateMappingAuthentication"=dword:00000001
"ClientCertificateMappingAuthentication"=dword:00000001

step 4: Change C:\Windows\System32\inetsrv\config\applicationHost.config
--------------------------------------------------------------------------------------

Check if exists and change or create the keys:

            <authentication>

            ...

                <basicAuthentication enabled="false" />

                <windowsAuthentication enabled="false">
                    <providers>
                        <add value="Negotiate" />
                        <add value="NTLM" />
                    </providers>
                </windowsAuthentication>

                <digestAuthentication enabled="false" />

                <iisClientCertificateMappingAuthentication enabled="false">
                </iisClientCertificateMappingAuthentication>

                <clientCertificateMappingAuthentication enabled="false" />

            ...

            </authentication>

        <globalModules>

            ...

            <add name="BasicAuthenticationModule" image="%windir%\System32\inetsrv\authbas.dll" />
            <add name="WindowsAuthenticationModule" image="%windir%\System32\inetsrv\authsspi.dll" />
            <add name="DigestAuthenticationModule" image="%windir%\System32\inetsrv\authmd5.dll" />
            <add name="IISCertificateMappingAuthenticationModule" image="%windir%\System32\inetsrv\authmap.dll" />
            <add name="CertificateMappingAuthenticationModule" image="%windir%\System32\inetsrv\authcert.dll" />

            ...

        </globalModules>

step 5: Change C:\Windows\System32\inetsrv\config\schema\IIS_schema.xml
--------------------------------------------------------------------------------------

Check if exists and change or create the keys:

(You must take ownership of this key as administrators group and give it full permissions,
at the end restore the ownership to NT SERVICE\TrustedInstaller and the permissions changed)

  <sectionSchema name="system.webServer/security/authentication/windowsAuthentication">
    <attribute name="enabled" type="bool" defaultValue="false" />
    <element name="providers">
      <collection addElement="add" clearElement="clear" removeElement="remove">
        <attribute name="value" type="string" isUniqueKey="true" />
      </collection>
    </element>
    <attribute name="authPersistSingleRequest" type="bool" defaultValue="false" />
    <attribute name="authPersistNonNTLM" type="bool" defaultValue="false" />
    <attribute name="useKernelMode" type="bool" defaultValue="true" />
    <attribute name="useAppPoolCredentials" type="bool" defaultValue="false" />
  </sectionSchema>

0 comments: (+add yours?)

Post a Comment

Subscribe to: Post Comments (Atom)