Solved

Unchecked "Allow IIS to control password" brings up login prompt for anon users.

Posted on 2004-08-25
4
1,138 Views
Last Modified: 2008-02-20
Hi,

I'm using IIS5.1 on Windows XP Pro.

I need to have a specific password set for the IUSR_MachineName user. But whenever I uncheck the checkbox "Allow IIS to control password" (under Anonymous access) and set a password in the password field, anonymous users (ie: internet users, anon network users) get a login prompt when they visit my site.

How can I set a password for IUSR_MachineName, but also allow access to anonymous users without showing a login prompt.

Any help is appreciated. I can always increase the points to.

Regards,
Craig.
0
Comment
Question by:CDFx
  • 2
  • 2
4 Comments
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 250 total points
Comment Utility
You need to set the same password in both the IIS settings and for the account through Computer Management->Local Users and Groups.

If the password between these two locations doesn't match the IUSR account will be unable to log in.

Dave Dietz
0
 
LVL 37

Expert Comment

by:meverest
Comment Utility
just another 2c comment...

if you need iusr to have a specific password, i'd suggest that you leave 'allow iis to control password' checked, and just change it at the local users & groups control.

(which i think is what dave is saying anyway)

cheers.
0
 
LVL 34

Expert Comment

by:Dave_Dietz
Comment Utility
Actually if you do this the IUSR account will not use *any* password.  When you allow IIS to control the password you actually enable a process called IIS SubAuthentication where inetinfo.exe effectively generates a token that tells the lcoal machine that this is the IUSR account and should be trusted as such.  If you try to pass this credential to another machine it will show up as NT AUTHORITY/ANNONYMOUS which means no credentials were sent (not that the Anonymous account was used...).

If you need to use the IUSR account and have credentials passed to another machine you *must* manually specify them in both the Metabase and in Users and Groups.  If you set 'Allow IIS to Control Password' it doesn't matter what the password is on the system since it isn't used.

(Took me about 18 months to realize this....) :-)

Dave Dietz
0
 
LVL 37

Expert Comment

by:meverest
Comment Utility
an interesting and very subtle difference.  i can see how it would cause some rather unexpected resuts if one were to go down that path.

cheers.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

First of all, clustering IIS is something you should rarely consider doing. In almost all cases, Microsoft Network Load Balancing (NLB) (http://technet.microsoft.com/en-us/library/cc758834(WS.10).aspx) is a much better solution when you need to p…
Running classic asp applications under Windows Server 2008 R2 (x64) and IIS 7 is not as easy as one may think. It took me a while to figure it out while getting error 8002801d a few times. After you install the OS you will need to install the fol…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now