[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Unchecked "Allow IIS to control password" brings up login prompt for anon users.

Posted on 2004-08-25
4
Medium Priority
?
1,223 Views
Last Modified: 2008-02-20
Hi,

I'm using IIS5.1 on Windows XP Pro.

I need to have a specific password set for the IUSR_MachineName user. But whenever I uncheck the checkbox "Allow IIS to control password" (under Anonymous access) and set a password in the password field, anonymous users (ie: internet users, anon network users) get a login prompt when they visit my site.

How can I set a password for IUSR_MachineName, but also allow access to anonymous users without showing a login prompt.

Any help is appreciated. I can always increase the points to.

Regards,
Craig.
0
Comment
Question by:CDFx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 1000 total points
ID: 11896842
You need to set the same password in both the IIS settings and for the account through Computer Management->Local Users and Groups.

If the password between these two locations doesn't match the IUSR account will be unable to log in.

Dave Dietz
0
 
LVL 37

Expert Comment

by:meverest
ID: 11918439
just another 2c comment...

if you need iusr to have a specific password, i'd suggest that you leave 'allow iis to control password' checked, and just change it at the local users & groups control.

(which i think is what dave is saying anyway)

cheers.
0
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 11919255
Actually if you do this the IUSR account will not use *any* password.  When you allow IIS to control the password you actually enable a process called IIS SubAuthentication where inetinfo.exe effectively generates a token that tells the lcoal machine that this is the IUSR account and should be trusted as such.  If you try to pass this credential to another machine it will show up as NT AUTHORITY/ANNONYMOUS which means no credentials were sent (not that the Anonymous account was used...).

If you need to use the IUSR account and have credentials passed to another machine you *must* manually specify them in both the Metabase and in Users and Groups.  If you set 'Allow IIS to Control Password' it doesn't matter what the password is on the system since it isn't used.

(Took me about 18 months to realize this....) :-)

Dave Dietz
0
 
LVL 37

Expert Comment

by:meverest
ID: 11924126
an interesting and very subtle difference.  i can see how it would cause some rather unexpected resuts if one were to go down that path.

cheers.
0

Featured Post

Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Running classic asp applications under Windows Server 2008 R2 (x64) and IIS 7 is not as easy as one may think. It took me a while to figure it out while getting error 8002801d a few times. After you install the OS you will need to install the fol…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question