PR-Tracker 6.0 Help
Securing a Web Connection

Glossary Item Box

The specifics of how Internet Information Services (IIS) Manager may be used to configure Web security differ depending on the operating system version and on the version of IIS installed. Therefore, this discussion will be mainly concerned with what configurations may be used and pitfalls to avoid, in contrast to the mechanics of setting the configurations.

Two examples of how to modify IIS security settings are given here:

Using SSL/HTTPS with a login name and password is the most secure option. Microsoft Help and Support describes how to set up SSL/HTTPS on IIS - or use a Web search to find the most current information. In the PR-Tracker Connect Dialog, uncheck Connect without using login name and password and enable Basic Authentication in IIS; also, be sure that anonymous access is disabled in IIS and the other authentication methods available are disabled. This approach requires that each PR-Tracker user also be set up as a Windows user on the server.
Another secure option (though less so than using SSL/HTTPS as described above) is setting up IIS to allow anonymous access - also disabling all types of authenticated access - and setting up PR-Tracker to check the user's domain and login name. Select Setup | Manage Users from the PR-Tracker menu and enter one or more Windows Login(s) for each user. Also click the Set Security Mode button and select the Verify ... option. For more detailed information, please see the PR-Tracker Help topic Managing Users. This approach does not require that each PR-Tracker user be set up as a Windows user on the server.
Regardless of which of the above approaches you choose, you may increase security by permitting access only from a selected IP address or addresses. The drawback of using this feature of IIS is that it may prove too restrictive in some situations and/or may require a higher level of maintenance, so please think about the potential consequences before implementing IP address restrictions.