Solved

Unchecked "Allow IIS to control password" brings up login prompt for anon users.

Posted on 2004-08-25
Last Modified: 2008-02-20
Hi,

I'm using IIS5.1 on Windows XP Pro.

I need to have a specific password set for the IUSR_MachineName user. But whenever I uncheck the checkbox "Allow IIS to control password" (under Anonymous access) and set a password in the password field, anonymous users (ie: internet users, anon network users) get a login prompt when they visit my site.

How can I set a password for IUSR_MachineName, but also allow access to anonymous users without showing a login prompt.

Any help is appreciated. I can always increase the points too.

Regards,
Craig.
Question by:CDFx
4 Comments
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 1000 total points
ID: 11896842
You need to set the same password in both the IIS settings and for the account through Computer Management->Local Users and Groups.

If the password between these two locations doesn't match, the IUSR account will be unable to log in.

Dave Dietz
0
 
LVL 37

Expert Comment

by:meverest
ID: 11918439
just another 2c comment...

if you need iusr to have a specific password, i'd suggest that you leave 'allow iis to control password' checked, and just change it at the local users & groups control.

(which i think is what dave is saying anyway)

cheers.
0
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 11919255
Actually if you do this the IUSR account will not use *any* password.  When you allow IIS to control the password you actually enable a process called IIS SubAuthentication where inetinfo.exe effectively generates a token that tells the local machine that this is the IUSR account and should be trusted as such.  If you try to pass this credential to another machine it will show up as NT AUTHORITY/ANONYMOUS which means no credentials were sent (not that the Anonymous account was used...).

If you need to use the IUSR account and have credentials passed to another machine you *must* manually specify them in both the Metabase and in Users and Groups.  If you set 'Allow IIS to Control Password' it doesn't matter what the password is on the system since it isn't used.

(Took me about 18 months to realize this....) :-)

Dave Dietz
0
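Added example, not part of the thread: one way to set the same password in both places the comments above name, using the ADSI providers that ship with Windows and IIS. It assumes the anonymous user is a local account and that the setting is made at the W3SVC (service) level; the script file name is hypothetical.

```vbscript
' Added example: store one password in both the local account and the IIS metabase.
' Run from an administrator prompt: cscript //nologo set-anon-pass.vbs  (hypothetical name)
Option Explicit

Dim net, computer, w3svc, userName, account, newPass

Set net = CreateObject("WScript.Network")
computer = net.ComputerName

' Metabase node for the WWW service. Sites and virtual directories inherit the
' anonymous settings from here unless they override them at their own node.
Set w3svc = GetObject("IIS://localhost/W3SVC")
userName = w3svc.AnonymousUserName           ' normally IUSR_<MachineName>

' Drop a leading "MACHINE\" prefix if the metabase stores one.
If InStr(userName, "\") > 0 Then
    userName = Mid(userName, InStrRev(userName, "\") + 1)
End If

WScript.StdOut.Write "New password for " & userName & ": "
newPass = WScript.StdIn.ReadLine             ' note: the input is echoed
If Len(newPass) = 0 Then
    WScript.Echo "Empty password, nothing changed."
    WScript.Quit 1
End If

' 1. Local Users and Groups side (assumption: a local, not a domain, account).
Set account = GetObject("WinNT://" & computer & "/" & userName & ",user")
account.SetPassword newPass

' 2. Metabase side: clear "Allow IIS to control password" and store the same value.
w3svc.AnonymousPasswordSync = False
w3svc.AnonymousUserPass = newPass
w3svc.SetInfo

' Read the settings back so a mismatch in name or sync flag is visible at once.
w3svc.GetInfo
WScript.Echo "AnonymousUserName     = " & w3svc.AnonymousUserName
WScript.Echo "AnonymousPasswordSync = " & w3svc.AnonymousPasswordSync
```

If anonymous visitors still get a login prompt afterwards, check whether a site or virtual directory below W3SVC carries its own AnonymousUserPass or AnonymousPasswordSync value that overrides the inherited one.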
 
LVL 37

Expert Comment

by:meverest
ID: 11924126
an interesting and very subtle difference.  i can see how it would cause some rather unexpected results if one were to go down that path.

cheers.
0
