Active Server Pages Auto Configuration Solution

Requirements:

 Windows NT 4 Server

 Service Pack 3 - (http://www.microsoft.com/kb/softlib/mslfiles/NT4SP3_I.EXE)

 IIS 3.0 ? Internet Information Server is the upgrade from IIS 2.0, which shipped with Windows NT 4 Server. You can download IIS3.0 from http://backoffice.microsoft.com/downtrial/moreinfo/iis3.asp.

 ASP 1.0B ? Active Server Pages is part of Service Pack 3. Since SP3 ASP1.0 has been patch to ASP 1.0b. The patch can be found at ftp://ftp.microsoft.com/busys/winnt/winnt-public/fixes/use/nt40/hotfixes-postSP3/asp-fix/readme.1st.

 NT File System ? The ASP Auto Configuration solution is going to use the NTFS permission and NT accounts database to ensure users get the proper Internet Explorer 4.0 settings.

 Active Directory Services Interfaces (ADSI) ? To install ADSI run ADS.exe found in the IEAK Resource Kit. More information about ADSI can be found at http://www.microsoft.com/ntserver/info/adsi.htm.

 

Auto Configuration ASP Setup

  1. Copy autocfg.mdb to the INETPUB directory.
  2. Create a System DSN called autocfg. The System DSN use the Microsoft Access ODBC driver and will point to the autocfg.mdb located in the INETPUB directory.
  3. Copy the following files to a executable virtual directory.(INETPUB\Scripts is an executable virtual directory):

    4. AutoCfg.asp

    CorpAct.asp

    CorpForm.ap

    CorpList.asp

    Default.asp

    Global.asa

  4. All of the ASP files should be given Everyone Full Control and the Internet User Account (IUSR_computer name) should have No Access.
  5. The Global.asa should have Everyone Full Control.
  6. For this example 3 INS files have been included, default.ins; mark.ins; and prod.ins. To make this work for your company changing the names of the INS files and using Profile Manager to change the INS files is highly suggested.
  7. Copy the 3 sample INS files into a Read and Execute directory. Everyone can have Full Control.
  8. After all files have been copied to the proper directories launch Internet Service Manager. In ISM enable both Allow Anonymous and NT Challenge Response authentication options.
  9. Open User Manager for Domains. In your primary domain create the following Groups:

    10. IE_Marketing

    IE_Production

  10. Assign domain users to each of those groups.
  11. Import the AspCfg.asp into your registry. This will configure the proper MIME type for INS files.
  12. Once the above steps have been completed then the server that all this was installed on has to be shut down and restarted.
  13. Using the IEAK, build a Corporate Administrator package. There are two settings that must be set for ASP Auto Configuration to work.
    1. Default.asp is responsible for sending a cookie to the user with the domain and username to be used with ADSI. So Default.asp can either be set as the Welcome page for IE or as the Start Page for IE. The sample Default.asp can be modified, but do not remove any scripting from this file or the cookie that makes the authentication work will no longer function.
    2. When asked in the wizard for the AutoConfiguration URL point to http://servername/scripts/autocfg.asp.

 

How does ASP AutoConfiguration Work

This ASP solution was developed so Corporate Administators can point users to one URL in the AutoConfiguration and have it be smart enough to figure out what type of INS to return to a user based on their logon domain and name.

 The first thing that happens is the user will get a cookie from the default.asp. Default.asp much be launched before executing the autocfg.asp. If it is not launched first then the user will get back the default settings. The cookie will contain the LOGON_USER server variable and an expires date of December 31, 1999. The LOGON_USER variable will only be received properly if the user was authenticated when accessing the default.asp. This is the reason for giving the IUSR account No Access to the ASP files. Now that the user has the cookie autocfg.asp can be launched with success. IE will automatically launch the AutoConfiguration URL when opened. Autocfg.asp will request the cookie and get the LOGON_USER variable. It will then use ADSI to locate this user in the NT accounts database for the domain. The script has been setup to only look at groups that begin with IE_. Once ADSI locates the user in one of the IE_ groups it will then lookup that user in the autocfg.mdb. If it finds a match for the returned group name in the database the INS file from the database will be redirected to the user. If a match is not made the default INS in the database will be redirected to the user.

 

Administration Tools

 CorpList.asp is an easy way of accessing the information in the autocfg.mdb. The listing will show the administrator a list of all the Group names, the Unique GroupID, and the INS file for each. The get a more robust look at the groups launch CorpForm.asp. The form view allows an administrator to update the database without ever using Microsoft Access. Each time a change is made to one of the INS file in Profile Manager the INS entries in the database must be update as well or else the user will never see the updates.