If I point someone to my server as root ( like http://22.50.209.50/ ) will the server prompt for user/password by default? People can currently get in without password prompts, but only if the URL has a sub-folder in it.

Example: http://22.50.209.50/usr

In article <#xP5fWX4JHA.1***@TK2MSFTNGP03.phx.gbl>, patrick_whit***@hotmail.com says...
> If I point someone to my server as root ( like http://22.50.209.50/ ) will
> the server prompt for user/password by default? People can currently get in
> without password prompts, but only if the URL has a sub-folder in it.
>
> Example: http://22.50.209.50/usr

Hi Patrick

This is not normal behaviour but you may have configured your server to allow this:

Things to check:

Authentication scheme at the root - are you allowing anonymous?

What version of IIS are you running?

The IIS Anonymous user account (depends on version and how IIS is configured) needs access to the files on the disk.

So maybe it does not have access to the root folder - someone may have removed NTFS permissions for the anonymous user account.

On IIS 5 or IIS 6 (running in IIS 5 Compatibility mode) there is an account called IUSR_computer name.

IIS6 running in Native Mode has an account called ASPNET (if you are running ASP.NET) otherwise IUSR_Computer name.

IIS7 has an account called IUSR (or it can be configured with the application pool identity which defaults to NETWORK_SERVICE but you can change that).

A simple test may be to run a tool called AUTHDIAG and it can be downloaded here.

http://www.microsoft.com/DOWNLOADS/details.aspx?FamilyID=e90fe777-4a21-4066-bd22-b931f7572e9a&displaylang=en

Note: AUTHDIAG may not be that useful but probably worth a look.

Chris

The guest account is disabled, so there should not be anonymous access allowed... Right?
Will the IUSR_computername account help remedy this? If so, do we need to manually maintain a database (DHCP/DNS) of all computer names?
The version of IIS I am running is 6.0

"Chris Crowe [IIS MVP]" <b***@crowe.co.nz> wrote in message news:MPG.248cc523efe3eec5989684@news.microsoft.com...
> Hi Patrick
>
> This is not normal behaviour but you may have configured your server to
> allow this:
>
> Things to check:
>
> Authentication scheme at the root - are you allowing anonymous?
>
> What version of IIS are you running?
>
> The IIS Anonymous user account (depends on version and how IIS is
> configured) needs access to the files on the disk.
>
> So maybe it does not have access to the root folder - someone may have
> removed NTFS permissions for the anonymous user account.
>
> On IIS 5 or IIS 6 (running in IIS 5 Compatibility mode) there is an
> account called IUSR_computer name.
>
> IIS6 running in Native Mode has an account called ASPNET (if you are
> running ASP.NET) otherwise IUSR_Computer name.
>
> IIS7 has an account called IUSR (or it can be configured with the
> application pool identity which defaults to NETWORK_SERVICE but you can
> change that).
>
> A simple test may be to run a tool called AUTHDIAG and it can be
> downloaded here.
>
> http://www.microsoft.com/DOWNLOADS/details.aspx?FamilyID=e90fe777-4a21-4066-bd22-b931f7572e9a&displaylang=en
>
> Note: AUTHDIAG may not be that useful but probably worth a look.
>
> Chris

In article <e6WxEOh4JHA.4***@TK2MSFTNGP06.phx.gbl>, patrick_whit***@hotmail.com says...
> The guest account is disabled, so there should not be anonymous access
> allowed... Right?
> Will the IUSR_computername account help remedy this? If so, do we need
> to manually maintain a database (DHCP/DNS) of all computer names?
> The version of IIS I am running is 6.0

I may be on the wrong wave length here - do you want to allow or restrict access to anonymous users?

If you want to deny anonymous users you simply can change the authentication to not allow anonymous - you do not need to disable the account.

Select the web site - right click and select properties.

Go to the Directory Security tab and under "Authentication and Access Control" section just remove the tick from "Allow anonymous access"

Chris
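
The thread's first check is whether anonymous access is allowed and at which level of the site. The IIS W3C extended log records `-` in `cs-username` for requests served without authentication, so it shows which folders are actually reachable anonymously. The following is an added example, not part of the original thread; the log lines, the chosen field list and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log (addresses, user name and paths are made up).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus
2009-06-01 10:00:01 GET / - 198.51.100.7 401 2
2009-06-01 10:00:05 GET / EXAMPLE\\alice 198.51.100.7 200 0
2009-06-01 10:01:12 GET /usr/ - 203.0.113.9 200 0
2009-06-01 10:01:13 GET /usr/report.htm - 203.0.113.9 200 0
2009-06-01 10:02:40 GET /usr/missing.htm - 203.0.113.9 404 0
"""

def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def top_folder(uri_stem):
    """Map /usr/report.htm to /usr; files directly under the root map to /."""
    head, sep, _ = uri_stem.lstrip("/").partition("/")
    return "/" + head if sep else "/"

def audit(text):
    """Per top-level folder, count anonymous 200 responses and 401 challenges."""
    report = defaultdict(lambda: {"anonymous_ok": 0, "challenged": 0})
    for req in parse_w3c(text):
        folder = top_folder(req["cs-uri-stem"].lower())
        anonymous = req["cs-username"] == "-"  # "-" means no authenticated user
        if anonymous and req["sc-status"] == "200":
            report[folder]["anonymous_ok"] += 1
        elif req["sc-status"] == "401":
            report[folder]["challenged"] += 1
    return dict(report)

def anonymous_folders(text):
    """Folders that served content to unauthenticated clients."""
    return sorted(f for f, c in audit(text).items() if c["anonymous_ok"])

if __name__ == "__main__":
    print(anonymous_folders(SAMPLE_LOG))
```

A folder that shows up in `anonymous_folders` while the root only shows challenges matches the symptom in the question: the authentication setting differs between the site root and the sub-folder.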