Re: IIS Anonymous Login
From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 04/15/04
- Next message: Bernard: "Re: securing IUSR"
- Previous message: Bernard: "Re: IIS 6 Basic Authentication Changes??????"
- In reply to: Mike: "Re: IIS Anonymous Login"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 15 Apr 2004 14:33:22 +0800
I disabled this in my IIS boxes, I do manual sync if I changed the password.
and in IIS 6 by default this is disabled.
-- Regards, Bernard Cheah http://www.tryiis.com/ http://support.microsoft.com/ http://www.msmvps.com/bernard/ "Mike" <anonymous@discussions.microsoft.com> wrote in message news:1c92f01c42259$5c4647c0$a301280a@phx.gbl... > Thanks for the reply. Should I also allow IIS to manage > the password? > > > >-----Original Message----- > >On Tue, 13 Apr 2004 16:13:01 -0700, "Michael" > ><anonymous@discussions.microsoft.com> wrote: > > > >>I am building an intranet server within our > environment. > >>I would like the user to use the anonymous login. The > >>question I have is the account used for the anonymous > >>login. Should the IUSR_USERNAME reside on the domain or > >>on the local server. Are there any security risks? > > > >If an account is compromised, being a domain account > gains the hacker > >more access capabilities. Unless you have a reason to > make it a > >domain account, use a local account. Or authenticate for > your > >intranet and use IE to pass the credentials seemlessly. > > > >Jeff > >. > >
- Next message: Bernard: "Re: securing IUSR"
- Previous message: Bernard: "Re: IIS 6 Basic Authentication Changes??????"
- In reply to: Mike: "Re: IIS Anonymous Login"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
