I have a TeamCIty server I wish to use with msdeploy. I have IIS 7.5 on server 2012, with the Web Management Service role enabled. The server has no access to the internet, but is on the LAN, so I used WebPI and did an offline install of WHP_Recommended,
the "Recommended Server Configuration for Web Hosting Providers" package; comes with msdeploy 3.5. The server has 3 drives, C is for the system, D is for software installs and E is for data, as such I have inetpub on E, TeamCity's installed on D, with
it's data directory on E. So I have a gMSA, let's say account$. I have given non-adminWeb Deploy Publishing rights and website IIS Manager permissions to some domain users, as well as making sure the handler and management services are running, but when they try to run msdeploy from a remote workstation they keep getting unauthorized.
I am an admin on the server, and it works for me, but the idea is to give non-admin publishing rights to others. I gave them permissions to the folders themselves and still nothing. I finally opted to add them to the Admin Group. It worked then. For obvious
reasons, this is not the way we want it to go. I'm not sure what I am doing wrong, what else can I do? Does it have anything to do with the fact that installs are all over the place? One such example is:
msdeploy.exe /verb:getsysteminfo /source:webserver,computerName="https://server:8172/msdeploy.axd?site=SiteName",username=domain\username,password=pass123,authType=basic -allowUntrusted=true
Like I said, works for me, an admin, but despite all the rights I've given other users, it still won't let them access it. Any help is greatly appreciated.
UPDATE:
I edited my question as I found the solution in a an old blog from 2011, that led to an MSDN page:
"You can optionally enable users to authenticate with the Web Management Service using NTLM. To do this, update the registry on the server by adding a DWORD key named "WindowsAuthenticationEnabled" under HKEY_LOCAL_MACHINE\Software\Microsoft\WebManagement\Server, and set it to 1. If the Web Management Service is already started, the setting will take effect after the service is restarted."
The problem is that I am making a registry change. I try to avoid regedit if at all possible. There is a "msdeploy.exe.config" file in "C:\Program Files\IIS\Microsoft Web Deploy V3". Is this something that could be edited to enable NTLM authentication? The example file provided with the install does not give some clarity on this topic.