Re: anonymous password



Yes you had the right idea but no, it is not possible to use those dialogs
to reset the anonymous user password to re-inherit. It will not reset
AnonymousUserPass (which is what you want to re-inherit) unless you changed
it's value at the global level... but you can do that only if you knew the
original password (which you don't - you only toggled the anonymous setting,
which doesn't do enough)... which means it is not possible to use the UI to
reset the anonymous user password to re-inherit. In general, the IIS Manager
UI is not good at allowing you to fix your configuration through
re-inheritance.

Without knowing the anonymous password, you can only fix your situation by:
1. using ADSUTIL.VBS FIND AnonymousPassword and then ADSUTIL.VBS DELETE
<The-Bad-Anonymouspassword> so that it would re-inherit from global again
(this is what the blog entry shows)
2. delete the website or vdir which contains the bad AnonymousPassword
property and start over


--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

"Dave" <noone@xxxxxxxxxxx> wrote in message
news:VJKdnaHXU6ioXTDenZ2dnUVZ_tCdnZ2d@xxxxxxxxxxxxxx
>i thought what i was doing with the parent would have reset the anon
>account. one of the things i did was to go to the parent and remove the
>anon authentication, then reapply it... when i did that, at least in one
>iteration, it asked if i wanted to apply it to the sites that had different
>settings... and it listed the problem site, so i selected that and thought
>it would override the bad setting i had made, but it didn't. deleting the
>site was not really any problem since it didn't have much anyway since i
>was just playing with a web service.
>
> now if i could just figure out how to get rid of some orphaned entries in
> the app pool i made....
>
> "David Wang [Msft]" <someone@xxxxxxxxxxxxxxxxxxxx> wrote in message
> news:un0C5XLCGHA.1028@xxxxxxxxxxxxxxxxxxxxxxx
>> Nothing was confused.
>>
>> The UI does *not* delete the anonymous username/password. When you set
>> the username and leave the psasword blank, all you did was set the
>> password to "blank", not delete it to inherit from the parent. This is
>> just how the UI works; as soon as you modify a property, it stops
>> inheriting from the parent no matter what you do, and you can never get
>> it to inherit again unless you delete the website and start over (or
>> reset the value at a parent node at which point you have a one-time
>> opportunity to delete child values to have them re-inherit).
>>
>> I was suggesting that you use adsutil.vbs to directly delete the property
>> that you unknowningly set, but as long as you are satisfied, your
>> alternative to just delete the website works as well.
>>
>> I also suggest you read some of my blog entries to understand what user
>> identity IIS uses to run code and how it associates with the
>> authentication protocol. You don't need to guess
>> http://blogs.msdn.com/david.wang/archive/2005/05/26/IIS_User_Identity_to_Run_Code.aspx
>> http://blogs.msdn.com/david.wang/archive/2005/06/29/IIS_User_Identity_to_Run_Code_Part_2.aspx
>>
>> --
>> //David
>> IIS
>> http://blogs.msdn.com/David.Wang
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>> //
>>
>> "Dave" <noone@xxxxxxxxxxx> wrote in message
>> news:zrGdnR1oIcVmxTDenZ2dnUVZ_tqdnZ2d@xxxxxxxxxxxxxx
>>> ah well, wanted to get on with development so deleted the old site and
>>> recreated it fresh, now it works with anonymous access. something was
>>> sure confused.
>>>
>>> "Dave" <noone@xxxxxxxxxxx> wrote in message
>>> news:E8adnUfFHr3qpjDenZ2dnUVZ_s2dnZ2d@xxxxxxxxxxxxxx
>>>> been there, done that... just did it again. i go into the iis snapin,
>>>> right click on the troublesome site and pick properties, go to the
>>>> directory security tab, under authentication and access control i
>>>> press edit, if i retype the iusr_machinename in the account and leave
>>>> the password blank it asks me to confirm the password, which i also
>>>> leave blank... that doesn't fix it. if i browse to find the account it
>>>> doesn't fix it either. browsing for it puts in
>>>> machinename\iusr_machinename and leaves the password field blank. if i
>>>> then edit off the machinename\ part it still seems to leave the
>>>> password blank. i have tried stopping and starting the site in between
>>>> each of these combinations... there must be something else i am missing
>>>> or have messed up.
>>>>
>>>> "David Wang [Msft]" <someone@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>>> news:%23z1tqLHCGHA.3572@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> Delete the AnonymousUserName and AnonymousUserPass property overrides
>>>>> on that one website so that it re-inherits from the global setting,
>>>>> which should still be in sync since the other 2 sites are ok and also
>>>>> inheriting those properties.
>>>>>
>>>>> This blog entry shows how to synchronize username/password between
>>>>> real NT user and IIS configuration -- which assumes that you control
>>>>> the username/password (which is NOT your current case here -- so in
>>>>> the blog entry where I talk about synchronizing, you are actually
>>>>> interested in deleting the values so that you re-inherit from the
>>>>> parent). But, it contains a bunch of other related info that should be
>>>>> useful.
>>>>> http://blogs.msdn.com/david.wang/archive/2005/12/07/HOWTO_Synchronize_User_Credentials_in_IIS.aspx
>>>>>
>>>>> --
>>>>> //David
>>>>> IIS
>>>>> http://blogs.msdn.com/David.Wang
>>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>>> rights.
>>>>> //
>>>>>
>>>>> "Dave" <noone@xxxxxxxxxxx> wrote in message
>>>>> news:OOj0gYBCGHA.4040@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>> server 2003 running iis, got 3 web sites running. one of them i am
>>>>>> using for developing a web service which i thought was having
>>>>>> security issues... so i was trying changing that site's security
>>>>>> settings. i changed the authorization method a couple times,
>>>>>> including changing the anonymous account to administrator to see if
>>>>>> it would run that way (it didn't, but thats another problem)... when
>>>>>> i put it back to anonymous with iusr_machinename account it still
>>>>>> asks for password when accessed from other machines. the other 2
>>>>>> sites are ok still. i tried a few combinations like going to the
>>>>>> next higher level and turning off anonymous access for all 3 and
>>>>>> applying that then turning it back on, which didn't help... i have
>>>>>> started and stopped and rebooted. it seems like that one site is out
>>>>>> of synch on the anonymous password. how do i get it back??
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>


.