Required IIS Authentication Settings and File Permissions for IM Manager Web Pages

Article:TECH88394  |  Created: 2006-01-10  |  Updated: 2011-11-30  |  Article URL http://www.symantec.com/docs/TECH88394
Article Type
Technical Solution

Product(s)

Issue



If you are experiencing problems with the web pages that are part of the IM Manager Administration Console, Reviewer Console or Personal Archives Console, ensure that the File Permissions for the IM Manager are correct.

Symptoms
The IM Manager installation creates a virtual root within IIS and sets permissions both within IIS and on the files themselves. 



 


Solution



Verify these settings within IIS

The following are the authentication settings required for the IM Manager web site.  If the specified authentication setting is not listed then it must be disabled (or not checked).

Folder

Authentication Settings

immanager

Anonymous Authentication
Integrated Windows Authentication

admin
common
docs
images
nav

Anonymous Authentication

public
winlogon

Integrated Windows Authentication

    Windows 2000/2003
      1. Open the IIS Administrator MMC plugin.
      2. Expand Web Sites|Default Web Site|immanager.
      3. Starting with the immanager folder right-click on the folder and choose Properties.
      4. Click the Directory Security tab.
      5. Click the Edit... button for the Authentication and access control section.
      6. Enable the appropriate authentication settings as described in the table above.  Or disable other authentication settings if they are enabled. Click the OK button to apply the settings.
      7. Perform the same steps for each directory listed in the table above.
      8. Restart IIS by performing an iisreset from a command prompt.
         
    Windows 2008

      NOTE: Prior to using these steps it is necessary to unencrypt the IM Manager web.config file using the steps in this article: Error Message When Viewing Authentication Configuration In IIS MMC Snap In: "Configuration section encryption is not supported".

      1. Open the IIS Administrator from Start|Administrative Tools|Internet Information Services (IIS) Manager.
      2. Expand the server tree on the left hand side of the snap-in.
      3. Expand Sites|Default Web Site|immanager.
      5. Starting with the immanager folder double click on IIS|Authentication (in the main window). This brings up the list of authentication methods of the folder.
      6. Enable the appropriate authentication settings as described in the table above.  Or disable other authentication settings if they are enabled. Click the OK button to apply the settings.
      7. Perform the same steps for each directory listed in the table above.
      8. Restart IIS by performing an iisreset from a command prompt.

      Perform the same steps for each directory listed in the table above.
      Restart IIS by performing an iisreset from a command prompt.



Verify File System Settings

Within the file system of the server, check the <installdir>\IMManager\IMLogWeb\ folder. Each sub-folder should have full control for the administrators group. Each sub-folder should permit the Users group to Read & Execute, List Folder Contents, and Read.

Within <installdir>\IMManager\IMLogWeb\winlogon\, the following files should permit Administrators full control, and no other accounts:
 


    1. Configure the file system permissions to only allow Administrators access.
      a. Open Windows Explorer.
      b. Open the file system <installdir>\IMManager\IMLogWeb\winlogon\ in Windows Explorer.
      c. Multi-select the following files (or perform this step on each individual file) and select Properties.
        IMAdminBulkUploadFileAction.asp
        IMAdminConfigAction.asp
        IMAdminGetObjects.asp
        IMAdminLicenseUploadAction.asp
        IMAdminLogon.asp
        IMAdminSchedTask.asp
        IMAdminUploadAction.asp

    d. Click the Security tab.
    e. Remove any account other than Administrators and SYSTEM.
    f. Ensure that the Administrators and SYSTEM accounts have Full Control.




 




Legacy ID



2007802545487998


Article URL http://www.symantec.com/docs/TECH88394


Terms of use for this information are found in Legal Notices