IIS authentication timeout + ssl redirect?

R

russ leathe

we are using basic and NT authentication for our intranet
sites. Users authenticate to our intranet site via W2K
Active Directory.

Problem is, folks leave public computers while still
logged on. You know, they authenticate, browse around and
then they don't close the browser window. Anyone walking
by can pick up where they left off.

Question(s)

1.) is there a way in AD to automatically log someone off
if they authenticate via the browser (in this case IE 5.5
and better). Some sort of inactivity timer that I can
apply to group policy's specifically for IE? BTW, our web
server farm are W2k's with IIS 5.0.

2.) along the same lines...we maintain 3 public labs with
XP PC's. Folks authenticate using their AD assigned
username and passwords. Problem is, they don't log off.
Is there an AD group policy that forces a logoff after x
amount of minutes of inactivity?

On an other note (IIS questions)...

Is there a way to force SSL via GP using the Internet
Expolorer settings?

Is there a way to force users to goto
https://yourwebserver if they type in http://yourwebserver.
I can do this by doing a redirect within the ASP page.
However, it would be great to do this at the IIS level.
For example, redirect any hit http://yourwebserver/* to
https://yourwebserver/*


much thanks

russ
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top