Prevent all the users from access ECM web app on premise

b.huang · August 14, 2023, 10:00pm

Anyone can help to tell us what is the efficient and safe way to prevent all the users from access ECM web app on premise? Thanks.

gpayne · August 14, 2023, 11:13pm

Don’t give them logons

b.huang · August 14, 2023, 11:32pm

Thank you. I am wondering if we can do something on the ECM app server to prevent all the users from accessing.

MikeGross · August 15, 2023, 12:41pm

Can you be more specific? I don’t want to assume what you mean.

Do you mean -
No ECM access while the person is on the local network?
Only use ECM via ERP document management?
What about remote access via the ECM App?

If it read it like the first reason, then you could manipulate IIS using IP address restrictions and include the local server and Kinetic/ERP App server(s).

I’ve never done this, but it should theoretically work.

b.huang · August 21, 2023, 6:52pm

I means preventing the ECM users from accessing for some time during ECM maintenance.

MikeGross · August 21, 2023, 7:20pm

I found this, although once you start the ECM Server Setup msi to do the update/upgrade, it disables access to the site.

Is it possible to make part of a site on IIS only viewable from localhost ??
http://stackoverflow.com/questions/270284/ddg#22575734

For some one doing it in IIS 8 / Windows 2012

In Server Manager, go to Manage, Add Roles and Features, Next, Next (get to Server Roles), scroll down to Web Server (IIS), expand that row, then expand Web Server, and finally expand Security. Make sure that IP and Domain Restrictions are installed.
In IIS Manager, drill down to the folder that you want to protect and left click select it. In the Features View of that folder select IP and Domain Restrictions In Actions choose Edit Feature Settings. Change 'Access for unspecified clients:' to 'Deny' then OK.
Finally go to 'Add Allow Entry' In the Actions menu. Type in the Specific IP address of your server.

Now only requests coming from your server will be allowed access. Or any server that shares that IP address. So in a small network, the office could share the IP address between all of the PCs in that offices, so all of those PCs could access that folder.

Last but not least is to remember that if your network has a dynamic IP address, then if that IP changes, you will expose your blog admin folder to whoever is using that IP now. Also, everyone on that new IP address will lose access to your that folder…

b.huang · August 23, 2023, 4:39pm

Thank you Mike. Can one just stops the application pool in IIS. No one can access.

gpayne · August 23, 2023, 4:41pm

I am pretty sure the upgrade process stops the services and IIS during the process since it cannot upgrade files in use.

MikeGross · August 23, 2023, 5:25pm

You can stop the app pool manually, but pretty sure the installer/upgrade program will fail if the app pool isn’t running when it queries the ECM services for license and configuration details during its first few steps.