Restricting Access to Newsgroups

You can control access to individual newsgroups or sets of newsgroups by setting Windows NT Server permissions for the directories that contain those newsgroups. You can set permissions for an individual directory or for a set of directories. (For specific instructions, see Setting Access Permissions for a Directory or File in the IIS online documentation.) You can also limit access to all newsgroups according to the IP address of the client computer.

If you do not want to restrict access to a newsgroup, enable anonymous access and do not set any Windows NT Server directory permissions for the directory that contains the newsgroup. To enable anonymous access, use either Internet Service Manager or Internet Service Manager (HTML). In the Directory Security property sheet, choose Edit, and then select the Allow Anonymous check box.

To restrict access to a newsgroup, you must follow this procedure:

• Create Windows NT Server accounts for users.
  
• Define Windows NT Server permissions for the directory that contains the newsgroup. Be sure to give the local system account full access to all newsgroup directories so that Microsoft NNTP Service has access to its files.
  
• Set the authentication method used by Microsoft NNTP Service.

Create user accounts with User Manager in Windows NT Server. It is recommended that you organize users into groups and then grant permissions by group to simplify administration. If possible, use accounts and groups that are already established in your organization.

Microsoft NNTP Service supports two methods for authentication of users:

• Basic authentication
  
• Windows NT Challenge/Response authentication

To set the authentication method:

1. In either Internet Service Manager or Internet Service Manager (HTML), select the Directory Security property sheet.
   
2. Under Password Authentication Method, choose Edit.
   
3. Select one or more of the following: the Basic Authentication check box, the Windows NT Challenge/Response check box, and the Enable SSL Client Authentication check box. (You have to use Internet Service Manager to configure SSL client authentication.)
   
4. To require SSL authentication, select the Require SSL Client Authentication check box. To associate client certificates with Windows NT user accounts, select the Enable Client Certificate Mapping to Windows NT User Accounts check box, and then choose Client Mappings.

Limiting Access by IP Address

You can limit access to Microsoft NNTP Service by the IP address of the client computer. By default, all IP addresses have access to Microsoft NNTP Service.

You can either allow or deny access to a specific list of IP addresses. IP addresses can be specified individually or as a group using a subnet mask. You can also specify IP addresses using a domain name, but doing so adds the overhead of a DNS lookup for each connection. (For information on how to specify a subnet mask, see Microsoft Windows NT Server Networking Guide.)

To limit access by IP address:

1. In Internet Service Manager, select the Directory Security property sheet.
   
2. Under IP Address and Domain Name Restrictions, choose Edit.
   
3. Choose Granted Access to deny access to a list of IP addresses, or choose Denied Access to allow access to a list of IP addresses.
   
4. Choose Add for each IP address you want to allow or deny.
   
5. Choose one of these options: Single Computer, Group of Computers, or Domain Name. Then proceed as follows:
   • The Single Computer option: In the IP Address box, type the IP address of the computer. (If you don't know the IP address, choose DNS Lookup.)
     
   • The Group of Computers option: In the Network ID box, type the IP address. Then in the Subnet Mask box, type the subnet mask for the group of computers.
     
   • The Domain Name: In the Domain Name box, type the domain name of the computer.
6. Choose OK.

© 1997 Microsoft Corporation. All rights reserved.