|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
How to "allow IIS to control anonymous user password"?I've seen it, I just don't remember where, the option to "allow IIS to
control the anonymous user password" option is. -- -Joe Joe,
1. Right click on your Virtual Directory or Web site in the IIS MMC and click properties 2. click the Directory Security tab 3. In the Anonymous access and authentication control box click the Edit... button 4. Check off Allow IIS to control password. That should do it. Good luck, -- Show quoteHide quoteDuane Laflotte MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I dlaflo***@criticalsites.com http://www.criticalsites.com/dlaflotte "JoesCat" <Joes***@discussions.microsoft.com> wrote in message news:89982C2D-E8C3-4794-9526-08E5C3EAEA6F@microsoft.com... > I've seen it, I just don't remember where, the option to "allow IIS to > control the anonymous user password" option is. > > -- > -Joe Yeah, that's where I thought it would be, too. But, it's NOT!
This is Server 2003, in case that's the difference. I can fill in the username and password, but there is not a check box to allow IIS to control it. I remember seeing a checkbox for that option somewhere. I tried in the Default Web Site, and a virtual folder (autoupdate) in this case (this is an SUS server I'm troubleshooting. Thanks for your reply! -- Show quoteHide quote-Joe "Duane Laflotte" wrote: > Joe, > 1. Right click on your Virtual Directory or Web site in the IIS MMC > and click properties > 2. click the Directory Security tab > 3. In the Anonymous access and authentication control box click the > Edit... button > 4. Check off Allow IIS to control password. > > That should do it. Good luck, > > -- > Duane Laflotte > MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I > dlaflo***@criticalsites.com > http://www.criticalsites.com/dlaflotte > > "JoesCat" <Joes***@discussions.microsoft.com> wrote in message > news:89982C2D-E8C3-4794-9526-08E5C3EAEA6F@microsoft.com... > > I've seen it, I just don't remember where, the option to "allow IIS to > > control the anonymous user password" option is. > > > > -- > > -Joe > > > We removed that feature from IIS6 due to security concerns.
The feature would require IIS6 to run as LocalSystem, and since security is more important, IIS6 has to run as Network Service and hence the feature was removed from clean installs and disabled on upgrades. It should be synchronized by default, so few people should ever need to change it unless they start invalidating the anonymous user account, or if they upgrade from IIS5 with unsynchronized username/password. -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "JoesCat" <Joes***@discussions.microsoft.com> wrote in message Yeah, that's where I thought it would be, too. But, it's NOT!news:7E09DD03-AB70-4C95-B76D-67A72B5C6850@microsoft.com... This is Server 2003, in case that's the difference. I can fill in the username and password, but there is not a check box to allow IIS to control it. I remember seeing a checkbox for that option somewhere. I tried in the Default Web Site, and a virtual folder (autoupdate) in this case (this is an SUS server I'm troubleshooting. Thanks for your reply! -- Show quoteHide quote-Joe "Duane Laflotte" wrote: > Joe, > 1. Right click on your Virtual Directory or Web site in the IIS MMC > and click properties > 2. click the Directory Security tab > 3. In the Anonymous access and authentication control box click the > Edit... button > 4. Check off Allow IIS to control password. > > That should do it. Good luck, > > -- > Duane Laflotte > MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I > dlaflo***@criticalsites.com > http://www.criticalsites.com/dlaflotte > > "JoesCat" <Joes***@discussions.microsoft.com> wrote in message > news:89982C2D-E8C3-4794-9526-08E5C3EAEA6F@microsoft.com... > > I've seen it, I just don't remember where, the option to "allow IIS to > > control the anonymous user password" option is. > > > > -- > > -Joe > > > 'David Wang [Msft Wrote:
> ']We removed that feature from IIS6 due to security concerns.
Show quoteHide quote > I have the same problem:> The feature would require IIS6 to run as LocalSystem, and since > security is > more important, IIS6 has to run as Network Service and hence the > feature was > removed from clean installs and disabled on upgrades. It should be > synchronized by default, so few people should ever need to change it > unless > they start invalidating the anonymous user account, or if they upgrade > from > IIS5 with unsynchronized username/password. > > -- > //David > IIS > http://blogs.msdn.com/David.Wang > This posting is provided "AS IS" with no warranties, and confers no > rights. > // > I temporarily replaced the anonymous account by another account to troubleshoot the possibility of permission problems. What steps should I take to start using the anonymous account again? IIS is running many other websites. I manually changed the password as suggested above, but it appeared I had to change the password for each and every virtual website in IIS. An other way to do it, would be to delete the whole virtual website and create it again? Other suggestions? -- ablankert ------------------------------------------------------------------------ ablankert's Profile: http://www.highdots.com/forums/member.php?userid=501 View this thread: http://www.highdots.com/forums/showthread.php?t=1306940 Ahh, Yup that matters. In IIS 5 (and prior) IIS was able to reset or sync
the password due to the fact that it ran as the local system account. Now in IIS 6, due to valid security concerns, IIS doesnt run as local system and becuase of that doesnt have the access to the system to change the anonymous password. I think you are going to have to sync this one by hand. Good Luck, -- Show quoteHide quoteDuane Laflotte MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I dlaflo***@criticalsites.com http://www.criticalsites.com/dlaflotte "JoesCat" <Joes***@discussions.microsoft.com> wrote in message news:7E09DD03-AB70-4C95-B76D-67A72B5C6850@microsoft.com... > Yeah, that's where I thought it would be, too. But, it's NOT! > This is Server 2003, in case that's the difference. > > I can fill in the username and password, but there is not a check box to > allow IIS to control it. I remember seeing a checkbox for that option > somewhere. > > I tried in the Default Web Site, and a virtual folder (autoupdate) in this > case (this is an SUS server I'm troubleshooting. > > Thanks for your reply! > -- > -Joe > > > "Duane Laflotte" wrote: > > > Joe, > > 1. Right click on your Virtual Directory or Web site in the IIS MMC > > and click properties > > 2. click the Directory Security tab > > 3. In the Anonymous access and authentication control box click the > > Edit... button > > 4. Check off Allow IIS to control password. > > > > That should do it. Good luck, > > > > -- > > Duane Laflotte > > MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I > > dlaflo***@criticalsites.com > > http://www.criticalsites.com/dlaflotte > > > > "JoesCat" <Joes***@discussions.microsoft.com> wrote in message > > news:89982C2D-E8C3-4794-9526-08E5C3EAEA6F@microsoft.com... > > > I've seen it, I just don't remember where, the option to "allow IIS to > > > control the anonymous user password" option is. > > > > > > -- > > > -Joe > > > > > > It is possible to do - by enabling SubAuthentication, however this is not a
recommended configuration for the reasons given by Duane and David. Cheers Ken Show quoteHide quote "Duane Laflotte" <dlaflo***@criticalsites.com> wrote in message news:%23YaXaHjYFHA.2508@TK2MSFTNGP15.phx.gbl... : Ahh, Yup that matters. In IIS 5 (and prior) IIS was able to reset or sync : the password due to the fact that it ran as the local system account. Now : in IIS 6, due to valid security concerns, IIS doesnt run as local system and : becuase of that doesnt have the access to the system to change the anonymous : password. I think you are going to have to sync this one by hand. : Good Luck, : : -- : Duane Laflotte : MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I : dlaflo***@criticalsites.com : http://www.criticalsites.com/dlaflotte : : "JoesCat" <Joes***@discussions.microsoft.com> wrote in message : news:7E09DD03-AB70-4C95-B76D-67A72B5C6850@microsoft.com... : > Yeah, that's where I thought it would be, too. But, it's NOT! : > This is Server 2003, in case that's the difference. : > : > I can fill in the username and password, but there is not a check box to : > allow IIS to control it. I remember seeing a checkbox for that option : > somewhere. : > : > I tried in the Default Web Site, and a virtual folder (autoupdate) in this : > case (this is an SUS server I'm troubleshooting. : > : > Thanks for your reply! : > -- : > -Joe : > : > : > "Duane Laflotte" wrote: : > : > > Joe, : > > 1. Right click on your Virtual Directory or Web site in the IIS : MMC : > > and click properties : > > 2. click the Directory Security tab : > > 3. In the Anonymous access and authentication control box click the : > > Edit... button : > > 4. Check off Allow IIS to control password. : > > : > > That should do it. Good luck, : > > : > > -- : > > Duane Laflotte : > > MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I : > > dlaflo***@criticalsites.com : > > http://www.criticalsites.com/dlaflotte : > > : > > "JoesCat" <Joes***@discussions.microsoft.com> wrote in message : > > news:89982C2D-E8C3-4794-9526-08E5C3EAEA6F@microsoft.com... : > > > I've seen it, I just don't remember where, the option to "allow IIS to : > > > control the anonymous user password" option is. : > > > : > > > -- : > > > -Joe : > > : > > : > > : :  
Other interesting topics
Problems with authenticated users accessing asp's
Windows 2003 Server and IIS 6.0: Domain users can't access my web site :( Exchange relay for Exchange total newb can't access susadmin page SMTP Relaying Help Wilcard Cert and Site Identifier number IIS6 and Authentication across Servers and Domains IIS 401 - Unauthorized to access the document Script to distinguish between Certificate Authorities (ex. Verisign, Thawte) SSL IIS 6.0 anonymous access |
|||||||||||||||||||||||
