Solved

Unchecked "Allow IIS to control password" brings up login prompt for anon users.

Posted on 2004-08-25
4
1,144 Views
Last Modified: 2008-02-20
Hi,

I'm using IIS5.1 on Windows XP Pro.

I need to have a specific password set for the IUSR_MachineName user. But whenever I uncheck the checkbox "Allow IIS to control password" (under Anonymous access) and set a password in the password field, anonymous users (ie: internet users, anon network users) get a login prompt when they visit my site.

How can I set a password for IUSR_MachineName, but also allow access to anonymous users without showing a login prompt.

Any help is appreciated. I can always increase the points to.

Regards,
Craig.
0
Comment
Question by:CDFx
  • 2
  • 2
4 Comments
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 250 total points
ID: 11896842
You need to set the same password in both the IIS settings and for the account through Computer Management->Local Users and Groups.

If the password between these two locations doesn't match the IUSR account will be unable to log in.

Dave Dietz
0
 
LVL 37

Expert Comment

by:meverest
ID: 11918439
just another 2c comment...

if you need iusr to have a specific password, i'd suggest that you leave 'allow iis to control password' checked, and just change it at the local users & groups control.

(which i think is what dave is saying anyway)

cheers.
0
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 11919255
Actually if you do this the IUSR account will not use *any* password.  When you allow IIS to control the password you actually enable a process called IIS SubAuthentication where inetinfo.exe effectively generates a token that tells the lcoal machine that this is the IUSR account and should be trusted as such.  If you try to pass this credential to another machine it will show up as NT AUTHORITY/ANNONYMOUS which means no credentials were sent (not that the Anonymous account was used...).

If you need to use the IUSR account and have credentials passed to another machine you *must* manually specify them in both the Metabase and in Users and Groups.  If you set 'Allow IIS to Control Password' it doesn't matter what the password is on the system since it isn't used.

(Took me about 18 months to realize this....) :-)

Dave Dietz
0
 
LVL 37

Expert Comment

by:meverest
ID: 11924126
an interesting and very subtle difference.  i can see how it would cause some rather unexpected resuts if one were to go down that path.

cheers.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now