How to restrict access to the Lansweeper Web console
You can restrict access to the web console if you wish, only allowing certain groups in your domain to log in. Users will be prompted to enter a name and password. Those who are not part of the specified admin groups will be denied access.
Web server configuration
First you must make sure that your web server is configured correctly. The exact procedure depends on whether you are using IIS, IIS Express or the default UltiDev web server.
If you are unsure whether you have a full or Express version of IIS, check your task manager processes. IIS Express will be listed as IISexpress.exe.
In your web server configuration make sure that anonymous access is disabled and that integrated authentication is enabled.
IIS 6:
IIS 7:
If you can’t find Windows Authentication in your IIS 7 configuration, make sure the option is checked in your Windows Features.
You can find it under Internet Information Services/World Wide Web Services/Security.
Then you can change your configuration in the IIS Manager.
 
In IIS 7 you must also change the application pool of the website to a classic pool!
 
IIS Express:
Open your iisexpress.config file. You can find it in the following directory: %Program Files%\Lansweeper\IISexpress
Locate the following code:
Code:
<authentication>
<anonymousAuthentication enabled="true" userName="" />
<basicAuthentication enabled="false" />
<clientCertificateMappingAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<iisClientCertificateMappingAuthentication enabled="false">
</iisClientCertificateMappingAuthentication>
<windowsAuthentication enabled="false">
<providers>
<add value="Negotiate" />
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>
Make the following changes, so that windowsAuthentication is enabled and anonymousAuthentication is disabled.
Code:
<authentication>
<anonymousAuthentication enabled=" false" userName="" />
<basicAuthentication enabled="false" />
<clientCertificateMappingAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<iisClientCertificateMappingAuthentication enabled="false">
</iisClientCertificateMappingAuthentication>
<windowsAuthentication enabled=" true">
<providers>
<add value="Negotiate" />
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>
UltiDev:
The following service pack must be installed: .NET Framework 3.5 Service Pack 1
If it has not yet been installed, it should be listed under your available Windows updates.
Open the UltiDev Web App Explorer. You will see the Lansweeper web console listed under Default Shared Host Process.
Select the Authentication tab. Check “Windows - negotiate Kerberos or NTLM” and “Windows - NTLM”, uncheck “Anonymous”.
Hit the "Save config changes" button.
Checking your settings:
You can check if your web server is configured correctly by surfing to the following page:
http://yourwebsite/usertest.aspx
Your server should be configured for NT authentication. If it is configured for anonymous access, your web server settings are incorrect.
Admin groups
When the web server has been properly configured, you can input your allowed user groups.
Open your web.config file. You can find it in the following directory: %Program Files%\Lansweeper\Website
The contents looks like this:
Code:
<configuration>
<appSettings>
<add key="MM_CONNECTION_HANDLER_Lansweeper" value="sqlserver.htm"/>
<add key="MM_CONNECTION_STRING_Lansweeper" value="Persist Security Info=False;Data Source=server;Initial Catalog=lansweeperdb;User ID=lansweeperuser;Password=*****;Connect Timeout=120"/>
<add key="MM_CONNECTION_DATABASETYPE_Lansweeper" value="SQLServer"/>
<add key="MM_CONNECTION_SCHEMA_Lansweeper" value=""/>
<add key="MM_CONNECTION_CATALOG_Lansweeper" value=""/>
</appSettings>
<system.web>
<compilation debug="true" strict="false" explicit="true"/>
</system.web>
</configuration>
Change the code to the following:
Code:
<configuration>
<appSettings>
<add key="MM_CONNECTION_HANDLER_Lansweeper" value="sqlserver.htm"/>
<add key="MM_CONNECTION_STRING_Lansweeper" value="Persist Security Info=False;Data Source=server;Initial Catalog=lansweeperdb;User ID=lansweeperuser;Password=*****;Connect Timeout=120"/>
<add key="MM_CONNECTION_DATABASETYPE_Lansweeper" value="SQLServer"/>
<add key="MM_CONNECTION_SCHEMA_Lansweeper" value=""/>
<add key="MM_CONNECTION_CATALOG_Lansweeper" value=""/>
</appSettings>
<system.web>
<authentication mode="Windows"/>
<identity impersonate="true" />
<authorization>
<allow roles="domain\allowed group" />
<deny users="*" />
</authorization>
<compilation debug="true" strict="false" explicit="true"/>
</system.web>
</configuration>
All users that belong to group "domain\allowed group" will be able to use Lansweeper, all other users will be denied.
"Domain" must be the NetBIOS name of your domain.
If you need multiple groups, you can separate them with commas:
Code:
<allow roles="domain\allowedgroup1,domain\allowedgroup2,domain\allowedgroup3" />
Most requested articles:
|
