Re: IIsLockdown|AddsWebAnonUserAcct|Can'tLogin->HELP!

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 01/29/05

• Next message: David Wang [Msft]: "Re: IIS Lockdown and WSH and Distributed Assembly excecute permission denied"
• Previous message: David Martin: "Re: ASP issue"
• In reply to: Phil C.: "IIsLockdown|AddsWebAnonUserAcct|Can'tLogin->HELP!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sat, 29 Jan 2005 01:29:04 -0800

I believe that is documented and by-design. You must have used your
administrator account as an anonymous user on IIS, which is a security
vulnerability.

So, I suggest that you stop using an administrator as anonymous user (you
basically allow anyone in the world to run as administrator on your
machine -- highly insecure) and revert the Web Anonymous Users group
settings.

> I'd also be interested in info documenting what the various computer
> and internet zones mean relative to internet explorer and relative to
> the operating system itself exclusive of the internet.

I would search for this info. I remember seeing URLs documenting what
happens in any IE Internet Zone and what each feature means -- but that is
an IE question, not IIS/Security.

-- 
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Phil C." <charlestek@rcn.com> wrote in message
news:u0KsI7XBFHA.3596@TK2MSFTNGP12.phx.gbl...
Hi.  I'm running Win XP Pro  Sp2.
After running the iis lockdown tool, my administrator account got changed so
that this account is a member of the Web Anonymous Users.
After rebooting, when I try logging in, I'm immediately logged out.
Removing the Web Anonymous Users fixes things.  Can someone explain what
might
be happening?  I'm also using pivx's qwik-fix security tool which does place
some internet
explorer restrictions.
I'd also be interested in info documenting what the various computer and
internet zones mean relative to internet explorer and relative to the
operating system itself exclusive of the internet.

---

• Next message: David Wang [Msft]: "Re: IIS Lockdown and WSH and Distributed Assembly excecute permission denied"
• Previous message: David Martin: "Re: ASP issue"
• In reply to: Phil C.: "IIsLockdown|AddsWebAnonUserAcct|Can'tLogin->HELP!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Somethings deleting Files ... Stay off the Internet using an Administrator account ... If your not using NTFS, ... I think your still kind of vulnerable to attack from the Internet unless you ... I have BlackIce behind the router. ... (comp.security.firewalls) Re: Disable LAN Card in a User Profile??? ... > get a program like Net Nanny and set it up to lock down the internet ... >> access to programs or installing his game software. ... If I create an Administrator account for him and in the ... (microsoft.public.windowsxp.general) Re: Same question, still no answer!!! ... I want the additional users to be able to get on the internet ... > just as I can on my administrator account. ... for the original post you are AOL'ing about! ... Asking for emailed replies is the height of laziness and ... (microsoft.public.windowsxp.basics) Caanot enable anonymous access via Web ... anonymous users, via the internet, to access our content. ... access the media instantly, without prompt. ... as well as disabled all the NTFS ACL auth plugins. ... (microsoft.public.windowsmedia.server) Re: color of view links? ... the default administrator account. ... >> Check the settings in Internet Options> General> Colors. ... this problem often indicates corruption in the History folder. ... >>> I am using a new Compaq desktop computer that I have upgraded to SP2. ... (microsoft.public.windows.inetexplorer.ie6.browser)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)