Suggested Documentation Change

Aug 31, 2010 at 10:27 PM

Hi,

I spent about 5 minutes trying to figure out why uManage wouldn't save changes back to the AD, then it dawned on me - Anonymous Auth! I disabled Anonymous Auth, and it started to work.

I recommend changing step 12:

12. Once the site is created you also need to enable Windows Authentication. Under the IIS group select Authentication. Select Windows Authentication and click “Enable” in the Actions Pane.

to

12. Once the site is created you also need to enable Windows Authentication, and disable Anonymous Authentication. Under the IIS group select Authentication.

  • Select Windows Authentication and click “Enable” in the Actions Pane.
  • Select 'Anonymous Authentication' and click 'Disable' in the actions pane.

 

I would also recommend making some kind of note in the installer, that the Windows user account requested need not be an Admin account, as it is only used to test the AD connection. And users have the right to change thier own details.

Kind regards,

Geoff

 

 

Coordinator
Aug 31, 2010 at 10:58 PM

Geoff,

You are right about the Authentication mode.  We can make the change to the documentation.  However… you may still get problems, especially with the new portal were certain functions like unlocking user accounts, etc. will not work and throw errors.  The user account specified in the installer like you said does not need to be an admin user, however they do need to be “delegated” user management rights in AD.  We will take the action to update the documentation as you mentioned but also add a separate section on how to delegate rights in AD.  If you don’t do this the system attempts to use the logged in user’s rights to perform all actions, which is fine for most updates but with the new version it will become even more important.

Hope that all makes sense.

Brent

From: muppetgeoff [mailto:notifications@codeplex.com]
Sent: Tuesday, August 31, 2010 5:28 PM
To: bpabst@pabstproductions.com
Subject: Suggested Documentation Change [umanage:225530]

From: muppetgeoff

Hi,

I spent about 5 minutes trying to figure out why uManage wouldn't save changes back to the AD, then it dawned on me - Anonymous Auth! I disabled Anonymous Auth, and it started to work.

I recommend changing step 12:

12. Once the site is created you also need to enable Windows Authentication. Under the IIS group select Authentication. Select Windows Authentication and click “Enable” in the Actions Pane.

to

12. Once the site is created you also need to enable Windows Authentication, and disable Anonymous Authentication. Under the IIS group select Authentication.

  • Select Windows Authentication and click “Enable” in the Actions Pane.
  • Select 'Anonymous Authentication' and click 'Disable' in the actions pane.

I would also recommend making some kind of note in the installer, that the Windows user account requested need not be an Admin account, as it is only used to test the AD connection. And users have the right to change thier own details.

Kind regards,

Geoff

Read the full discussion online.

To add a post to this discussion, reply to this email (umanage@discussions.codeplex.com)

To start a new discussion for this project, email umanage@discussions.codeplex.com

You are receiving this email because you subscribed to this discussion on CodePlex. You can unsubscribe or change your settings on codePlex.com.

Please note: Images and attachments will be removed from emails. Any posts to this discussion will also be available online at codeplex.com

Aug 31, 2010 at 11:17 PM

Makes sense :)

"also add a separate section on how to delegate rights in AD"

This would be good too; It wasn't clear what rights the user needed. The more detailed the better - we don't like adding more access that we *have* to :)

Many thanks for the swift response!

Geoff

 

Coordinator
Sep 22, 2010 at 10:33 PM

Hey Geoff,

Sorry for the long delay.  I have made all of the documentation changes you suggested.  Take a look and let me know what you think.

Brent