Share via

Restricting Access to Newsgroups

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

You can control access to individual newsgroups or sets of newsgroups by setting permissions for the directories that contain those newsgroups. You can set permissions for an individual directory or for a set of directories. You can also limit access to all newsgroups according to the IP address of the client computer.

If you do not want to restrict access to a newsgroup, enable anonymous access and do not set any permissions for the directory that contains the newsgroup. To enable anonymous access, on the NNTP Access Tab, click the Authentication button under Access control, and then select the Allow anonymous check box.

Procedures

To restrict access to a newsgroup

  1. Create Windows user accounts for users. It is recommended that you organize users into groups and then grant permissions by group to simplify administration. If possible, use accounts and groups that are already established in your organization.

  2. Define permissions for the directory that contains the newsgroup. Be sure to give the LocalSystem account full access to all newsgroup directories so that the Network News Transfer Protocol (NNTP) service has access to newsgroup files.

  3. Set the authentication method used by the NNTP service.

The NNTP service supports two methods for authentication of users:

  • Basic authentication

  • Integrated Windows authentication

Important

You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".

To set the authentication method

  1. In IIS Manager, expand the local computer, right-click the NNTP virtual server, and then click Properties.

  2. On the Access tab, under Access control, click Authentication.

  3. Select one or more of the following:

    • The Allow anonymous check box.

    • The Basic authentication check box.

    • The Integrated Windows Authentication check box.

    • The Enable SSL client authentication check box.

    Important

    If you are going to require only Basic authentication, it is highly recommended that you also enable SSL to prevent user names and passwords from being compromised during transmission.

  4. To require Secure Sockets Layer (SSL) authentication, select the Require SSL client authentication check box.

  5. To associate client certificates with Windows user accounts, select the Enable client certificate mapping to Windows user accounts check box, and then click Client Mappings.