I have set up a Windows 2012 R2 Server not on the domain as I understand that is better security for the IIS server not to be on the domain.
However I want the website user to have read only links to certain documents on an folder that is on one of the computers on the domain.
To set this up I created a work group user with access to the share. In the basic settings of the virtual directory I am attempting to connect as this user. However when I test settings both Authentication and Authorization fail.
Is my thinking right that it is best if the web server is not on the domain? I think the errors may be to do with the error 1219
Is this an internal Web Server? if it is I see no reason why it shouldn't be domain joined. as long as you keep up to date with Patching / Monitoring / best practices.
lots of Server 2012 R2 roles that are domain joined use IIS, From RMS and Federation services to Work Folders.
I don't know about your specific app are there might be other reasons why it needs to be in a work group but IIS can happily be deployed in a domain.