• State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 38 subscribers
  • Views 337 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Odd access errors using active directory

slindemann

I am a little puzzeled over two access errors I see.

I have a number of AD user with admin rights which can login and do most admin feature.However it seems like everything under webserver/.../xxxx is off limit for these users, so only http://webserver/Orion/xxxx

As an example in /NetPerfMon/AllReports.asp I get:

Network Performance Monitor Reports
You do not have access to any Reports at this time.

Please contact the Network Performance Monitor System Administrator to enable access to Reports for AD1\Everyone.

 

And in the /NetPerfMon/Admin/SelectMenuBar.asp I get:

Object Moved
This object may be found here.

 

I can create a static admin user that have these rights without problem, so I believe that the file premissions on the server is okay. To me it seems like some AD premissions is not inherit from /Orion to /NetPerfMon directory. I have seen an other post describing something similar, but with 8.5.1 and I have not been able to find similar differences in my 9.0 SP3 installation.

Any idears?

  • 0

    The error you have quoted is more likely to be that you haven't enabled the users to view reports (in their orion logon, not AD).  See the attached screenshot for the setting, it is under the Account Management area.

  • 0 in reply to CuppaT

    The report folder for both the AD user and the static is /Reports, so this is okay.

  • 0 in reply to slindemann

    Ok, when you say 'static' user, what do you mean exactly?  As far as I am aware there isn't a way to link AD user accounts to user objects within SolarWinds? However, I may be wrong, haven't been using it for long (not finished readingt he manual yet).  So, if you are referring to AD accounts and local (to the server) accounts, how are you securing your orion website, anonymous access?  If so, make sure the IUSR_servername account has read, exectue & list security rights on the c:\inetpub\solarwinds folder and that these permissions are propogated to all objects below that folder.  Also, ensure in IIS that 'Enable anonymous access' is ticked and that the tick boxes under 'Authenticated access' are un-ticked.  This ONLY applies IF you are using anonymous access to access the website.  Hope this helps, if it does not, please try to explain exactly what you mean and I will try again :)

  • 0 in reply to CuppaT

     I dont allow anonymous access to web server, but have these user configured.

    • AD/user1
    • AD/user2
    • AD/Everyone
    • admin

    user1 and 2 have the same permissions and settings as admin. But only the admin user are able to access to the /Report and 'Customize menu bar'.

    If I log in as user1 I get the above mentioned errors. Other items in the web interface is working fine.

    I have AD/Everyone as read, execute and list in the inetpub folder - and user1 and user2 are also a part of everyone? But I will try to add the explicit to the list of allowed users.

    (I am coming from a Linux world, so I have a hard time understand the permission scheme in ISS)

  • 0 in reply to slindemann

    Ok, The easiest way to apply the permissions is at a group level...


    I would create a local group, say 'SWindsUsers' and then add the AD\User1 & AD\User2, etc accounts to this local group, ensure the SWindsUsers group has Read, Read & Execute and List Folder contents on the inetpub\solarwinds folder and ensure that inheritance is enabled so all files/folders obtain the permissions from the root folder (inetpub\solarwinds).  Initially I would also make the SWindsUsers group a member of the local administrators group, ensure that with that configuration the site works exactly as expected for the User1 & User2 accounts.  When you are happy it is working, remove the SWindsUsers group from the local administrators group, log the user off and then back on, check if the site works as you'd expect again.  If it doesn't, double-check the permissions on the sub-folders of inetpub\solarwinds.


    A quick way to enable inheritance would be to use the xcacls.vbs script from microsoft.com (http://support.microsoft.com/kb/825751), save the .vbs file to 'c:\windows\system32\xcacls.vbs' then use the following command line to enable Inheritance on all files and folders under the c:\inetpub\Solarwinds directory.


    cScript c:\windows\system32\xcacls.vbs C:\inetpub\Solarwinds /F /T /S /I Enable


    Hope this helps...

  • 0 in reply to CuppaT

     I did not have any luck, I think I will open a case.

    But thanks for the input.

    Br,

    Steffen Lindemann

  • 0 in reply to slindemann

    No worries, sorry it didn't help.  Please let us know what the outcome is...

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.