?
Solved

Unchecked "Allow IIS to control password" brings up login prompt for anon users.

Posted on 2004-08-25
4
Medium Priority
?
1,206 Views
Last Modified: 2008-02-20
Hi,

I'm using IIS5.1 on Windows XP Pro.

I need to have a specific password set for the IUSR_MachineName user. But whenever I uncheck the checkbox "Allow IIS to control password" (under Anonymous access) and set a password in the password field, anonymous users (ie: internet users, anon network users) get a login prompt when they visit my site.

How can I set a password for IUSR_MachineName, but also allow access to anonymous users without showing a login prompt.

Any help is appreciated. I can always increase the points to.

Regards,
Craig.
0
Comment
Question by:CDFx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 1000 total points
ID: 11896842
You need to set the same password in both the IIS settings and for the account through Computer Management->Local Users and Groups.

If the password between these two locations doesn't match the IUSR account will be unable to log in.

Dave Dietz
0
 
LVL 37

Expert Comment

by:meverest
ID: 11918439
just another 2c comment...

if you need iusr to have a specific password, i'd suggest that you leave 'allow iis to control password' checked, and just change it at the local users & groups control.

(which i think is what dave is saying anyway)

cheers.
0
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 11919255
Actually if you do this the IUSR account will not use *any* password.  When you allow IIS to control the password you actually enable a process called IIS SubAuthentication where inetinfo.exe effectively generates a token that tells the lcoal machine that this is the IUSR account and should be trusted as such.  If you try to pass this credential to another machine it will show up as NT AUTHORITY/ANNONYMOUS which means no credentials were sent (not that the Anonymous account was used...).

If you need to use the IUSR account and have credentials passed to another machine you *must* manually specify them in both the Metabase and in Users and Groups.  If you set 'Allow IIS to Control Password' it doesn't matter what the password is on the system since it isn't used.

(Took me about 18 months to realize this....) :-)

Dave Dietz
0
 
LVL 37

Expert Comment

by:meverest
ID: 11924126
an interesting and very subtle difference.  i can see how it would cause some rather unexpected resuts if one were to go down that path.

cheers.
0

Featured Post

Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

First of all, clustering IIS is something you should rarely consider doing. In almost all cases, Microsoft Network Load Balancing (NLB) (http://technet.microsoft.com/en-us/library/cc758834(WS.10).aspx) is a much better solution when you need to p…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question