Re: IIS 6.0 Security, Internet Guest Account
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 07/05/03
- Previous message: David Wang [Msft]: "Re: URLSCAN samples"
- In reply to: Berny Zamora: "Re: IIS 6.0 Security, Internet Guest Account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 4 Jul 2003 17:17:07 -0700
What you need to do is to give the right password to the IUSR account (which
you do not know) when you decide to customize the Anonymous User. At this
point, you have two choices:
1. Figure out what the current password for the IUSR is (so that you can set
the correct password for IUSR)
2. Reset the vdir to inherit the existing (and should be correct) IUSR
password
I'll tell you how to do both:
1. (in JScript)
var root = GetObject("IIS://localhost/w3svc");
WScript.Echo("AnonymousUserName: " + root.AnonymousUserName);
WScript.Echo("AnonymousUserPass: " + root.AnonymousUserPass);
2. (On Command line)
CSCRIPT %SYSTEMDRIVE%\Inetpub\AdminScripts\ADSUTIL.VBS DELETE
W3SVC/#/ROOT/VdirName/AnonymousUserName
CSCRIPT %SYSTEMDRIVE%\Inetpub\AdminScripts\ADSUTIL.VBS DELETE
W3SVC/#/ROOT/VdirName/AnonymousUserPass
[A variant of 2 is to just delete the vdir in IIS Manager UI and recreate
it]
Where # is the ID of the Website and VdirName is the name of the vdir off of
the website
Be careful to not touch w3svc/AnonymousUserName and w3svc/AnonymousUserPass
because that's where the real information lies. If you mess it up, you're
responsible for re-synchronizing that username/password with the local IUSR
NT user account.
-- //David This posting is provided "AS IS" with no warranties, and confers no rights. // "Berny Zamora" <bjzamora@hotmail.com> wrote in message news:09c401c3409e$c5666b60$a501280a@phx.gbl... Tom: Thanks for the reply. The thing is, I didn't change anything with the NTFS permissions. I checked the NTFS permissions, and the only box that is checked under wwwroot for IUSR_XXX is Deny-Write. I have another test box with the same specs and the IUSR_XXX has the same rights. Also, the article you pointed me to says: "If access is not allowed, IIS attempts to use another authentication method. If none is selected, IIS returns an "HTTP 403 Access Denied" error message to the browser." But, I am not getting an Access Denied. I get the windows login prompt. >-----Original Message----- >"Berny Zamora" <bjzamora@hotmail.com> wrote in message >news:3be801c3408f$7b86d200$a601280a@phx.gbl... >> Hello: >> >> IIS 6.0, Windows 2003 Server Web Edition. >> >> Was playing around with security on our test server and >> changed the Windows user account for anonymouse access >> under IIS >> Web Sites >> Directory Security >> >> Authentication and Access Control, Edit to a different >> account. >> >> Now, I want to use again IUSR_MyComputer. When I put this >> user back in I get prompted for a password when I try to >> enter any of my websites. Enable anonymous access is >> checked, so I am not sure what is going on. >> >> What do I need to do to bring back the IUSR_MyComputer >> account back without getting prompted for login >> information in my websites? > >That account also needs NTFS permissions to the content. >http://www.microsoft.com/technet/prodtechnol/windowsserver 2003/proddocs/standard/gs_authentication.asp > >-- >Tom Kaminski IIS MVP >http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS >http://mvp.support.microsoft.com/ >http://www.microsoft.com/windowsserver2003/community/cente rs/iis/ > > > >. >
- Previous message: David Wang [Msft]: "Re: URLSCAN samples"
- In reply to: Berny Zamora: "Re: IIS 6.0 Security, Internet Guest Account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
