IIS anonymous user is a domain user

From: Henry Splatt (henry_splat_at_hotmail.com)
Date: 09/04/03


Date: Thu, 04 Sep 2003 12:44:16 GMT

What are the security rammifications of having an IIS 5.0 box, where the
anonymous user is a domain user as opposed to the normail IUSR_Machine
account?

How would this be amplified, if at all, by having the default Everyone group
with full control on the file system? The box is behind a good firewall.

Thanks for your time,

Henry