|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Problem with Anonymous AccessI have a new Windows 2003 server with IIS. I have set up the default web
page with anonymous access. Everything works fine for a day, but something happens overnight and my anonymous access quits working. When I try accessing the site, I am asked for the user id, password, and domain. If I restart IIS, the anonymous access works again and I can open the site without it asking for my user info. I cannot find any errors in event viewer or the logs. Any suggestions would be appreciated. Jennifer Read this for what Anonymous Access actually means:
http://blogs.msdn.com/david.wang/archive/2005/05/27/Access_Denied_to_Administrators_or_Anonymous_User.aspx If the machine is joined to the domain, start looking for Group Policy restrictions against the Anonymous user. For example, some policies slap time restrictions or logon hours on the group containing the Anonymous user -- so it works... for a while, and then it won't work until you re-login (which you are doing by restarting IIS to flush the cached user token and re-login). -- Show quoteHide quote//David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Jennifer" <Jenni***@discussions.microsoft.com> wrote in message news:EDD2F0D1-6172-4CAF-AC96-111098A4E87B@microsoft.com... >I have a new Windows 2003 server with IIS. I have set up the default web > page with anonymous access. Everything works fine for a day, but > something > happens overnight and my anonymous access quits working. When I try > accessing the site, I am asked for the user id, password, and domain. If > I > restart IIS, the anonymous access works again and I can open the site > without > it asking for my user info. I cannot find any errors in event viewer or > the > logs. Any suggestions would be appreciated. > > Jennifer I have a question regarding the account I use for Anonymous Access. I have a
DC that has a domain IUSR_machine name and I also have a member server with its own IUSR_machine name. My member server's IUSR account is not listed in AD. Which user account should I be using on my member server? I noticed in the local policy on the member server that it has the domain IUSR listed in serveral places. Jennifer Show quoteHide quote "David Wang [Msft]" wrote: > Read this for what Anonymous Access actually means: > http://blogs.msdn.com/david.wang/archive/2005/05/27/Access_Denied_to_Administrators_or_Anonymous_User.aspx > > If the machine is joined to the domain, start looking for Group Policy > restrictions against the Anonymous user. > > For example, some policies slap time restrictions or logon hours on the > group containing the Anonymous user -- so it works... for a while, and then > it won't work until you re-login (which you are doing by restarting IIS to > flush the cached user token and re-login). > > -- > //David > IIS > http://blogs.msdn.com/David.Wang > This posting is provided "AS IS" with no warranties, and confers no rights. > // > > "Jennifer" <Jenni***@discussions.microsoft.com> wrote in message > news:EDD2F0D1-6172-4CAF-AC96-111098A4E87B@microsoft.com... > >I have a new Windows 2003 server with IIS. I have set up the default web > > page with anonymous access. Everything works fine for a day, but > > something > > happens overnight and my anonymous access quits working. When I try > > accessing the site, I am asked for the user id, password, and domain. If > > I > > restart IIS, the anonymous access works again and I can open the site > > without > > it asking for my user info. I cannot find any errors in event viewer or > > the > > logs. Any suggestions would be appreciated. > > > > Jennifer > > > I finally think I have things figured out. The domain policy was overwriting
the following rights: - Access this computer from the network - Allow logon locally - Log on as a batch job The policy was removing the machine's IUSR account and replacing it with domain accounts. I turned off the three policy settings and everything seems to be working again. Thanks. Jennifer Show quoteHide quote "David Wang [Msft]" wrote: > Read this for what Anonymous Access actually means: > http://blogs.msdn.com/david.wang/archive/2005/05/27/Access_Denied_to_Administrators_or_Anonymous_User.aspx > > If the machine is joined to the domain, start looking for Group Policy > restrictions against the Anonymous user. > > For example, some policies slap time restrictions or logon hours on the > group containing the Anonymous user -- so it works... for a while, and then > it won't work until you re-login (which you are doing by restarting IIS to > flush the cached user token and re-login). > > -- > //David > IIS > http://blogs.msdn.com/David.Wang > This posting is provided "AS IS" with no warranties, and confers no rights. > // > > "Jennifer" <Jenni***@discussions.microsoft.com> wrote in message > news:EDD2F0D1-6172-4CAF-AC96-111098A4E87B@microsoft.com... > >I have a new Windows 2003 server with IIS. I have set up the default web > > page with anonymous access. Everything works fine for a day, but > > something > > happens overnight and my anonymous access quits working. When I try > > accessing the site, I am asked for the user id, password, and domain. If > > I > > restart IIS, the anonymous access works again and I can open the site > > without > > it asking for my user info. I cannot find any errors in event viewer or > > the > > logs. Any suggestions would be appreciated. > > > > Jennifer > > > 
Other interesting topics
Supressing Public ASP Error Codes
AD & ADAM together in harmony IIS passing server credentials rather than user credentials Getting Ip address of the actual client Flaw in default permissions Web Server Type Secure SFTP Server 404 errors on downloading files Basic Authentication for only one special user SelfSSL and multiple sites in IIS6? |
|||||||||||||||||||||||
