|
Home > Archive > IIS Server Security > July 2005 > How to "allow IIS to control anonymous user password"?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
How to "allow IIS to control anonymous user password"?
|
|
| JoesCat 2005-05-26, 6:00 pm |
| I've seen it, I just don't remember where, the option to "allow IIS to
control the anonymous user password" option is.
--
-Joe
| |
| Duane Laflotte 2005-05-26, 6:00 pm |
| Joe,
1. Right click on your Virtual Directory or Web site in the IIS MMC
and click properties
2. click the Directory Security tab
3. In the Anonymous access and authentication control box click the
Edit... button
4. Check off Allow IIS to control password.
That should do it. Good luck,
--
Duane Laflotte
MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I
dlaflotte@criticalsites.com
http://www.criticalsites.com/dlaflotte
"JoesCat" <JoesCat@discussions.microsoft.com> wrote in message
news:89982C2D-E8C3-4794-9526-08E5C3EAEA6F@microsoft.com...
> I've seen it, I just don't remember where, the option to "allow IIS to
> control the anonymous user password" option is.
>
> --
> -Joe
| |
| JoesCat 2005-05-26, 6:00 pm |
| Yeah, that's where I thought it would be, too. But, it's NOT!
This is Server 2003, in case that's the difference.
I can fill in the username and password, but there is not a check box to
allow IIS to control it. I remember seeing a checkbox for that option
somewhere.
I tried in the Default Web Site, and a virtual folder (autoupdate) in this
case (this is an SUS server I'm troubleshooting.
Thanks for your reply!
--
-Joe
"Duane Laflotte" wrote:
> Joe,
> 1. Right click on your Virtual Directory or Web site in the IIS MMC
> and click properties
> 2. click the Directory Security tab
> 3. In the Anonymous access and authentication control box click the
> Edit... button
> 4. Check off Allow IIS to control password.
>
> That should do it. Good luck,
>
> --
> Duane Laflotte
> MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I
> dlaflotte@criticalsites.com
> http://www.criticalsites.com/dlaflotte
>
> "JoesCat" <JoesCat@discussions.microsoft.com> wrote in message
> news:89982C2D-E8C3-4794-9526-08E5C3EAEA6F@microsoft.com...
>
>
>
| |
| Duane Laflotte 2005-05-26, 6:00 pm |
| Ahh, Yup that matters. In IIS 5 (and prior) IIS was able to reset or sync
the password due to the fact that it ran as the local system account. Now
in IIS 6, due to valid security concerns, IIS doesnt run as local system and
becuase of that doesnt have the access to the system to change the anonymous
password. I think you are going to have to sync this one by hand.
Good Luck,
--
Duane Laflotte
MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I
dlaflotte@criticalsites.com
http://www.criticalsites.com/dlaflotte
"JoesCat" <JoesCat@discussions.microsoft.com> wrote in message
news:7E09DD03-AB70-4C95-B76D-67A72B5C6850@microsoft.com...[vbcol=seagreen]
> Yeah, that's where I thought it would be, too. But, it's NOT!
> This is Server 2003, in case that's the difference.
>
> I can fill in the username and password, but there is not a check box to
> allow IIS to control it. I remember seeing a checkbox for that option
> somewhere.
>
> I tried in the Default Web Site, and a virtual folder (autoupdate) in this
> case (this is an SUS server I'm troubleshooting.
>
> Thanks for your reply!
> --
> -Joe
>
>
> "Duane Laflotte" wrote:
>
MMC[vbcol=seagreen]
| |
| David Wang [Msft] 2005-05-27, 2:48 am |
| We removed that feature from IIS6 due to security concerns.
The feature would require IIS6 to run as LocalSystem, and since security is
more important, IIS6 has to run as Network Service and hence the feature was
removed from clean installs and disabled on upgrades. It should be
synchronized by default, so few people should ever need to change it unless
they start invalidating the anonymous user account, or if they upgrade from
IIS5 with unsynchronized username/password.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"JoesCat" <JoesCat@discussions.microsoft.com> wrote in message
news:7E09DD03-AB70-4C95-B76D-67A72B5C6850@microsoft.com...
Yeah, that's where I thought it would be, too. But, it's NOT!
This is Server 2003, in case that's the difference.
I can fill in the username and password, but there is not a check box to
allow IIS to control it. I remember seeing a checkbox for that option
somewhere.
I tried in the Default Web Site, and a virtual folder (autoupdate) in this
case (this is an SUS server I'm troubleshooting.
Thanks for your reply!
--
-Joe
"Duane Laflotte" wrote:
> Joe,
> 1. Right click on your Virtual Directory or Web site in the IIS MMC
> and click properties
> 2. click the Directory Security tab
> 3. In the Anonymous access and authentication control box click the
> Edit... button
> 4. Check off Allow IIS to control password.
>
> That should do it. Good luck,
>
> --
> Duane Laflotte
> MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I
> dlaflotte@criticalsites.com
> http://www.criticalsites.com/dlaflotte
>
> "JoesCat" <JoesCat@discussions.microsoft.com> wrote in message
> news:89982C2D-E8C3-4794-9526-08E5C3EAEA6F@microsoft.com...
>
>
>
| |
| Ken Schaefer 2005-06-01, 2:49 am |
| It is possible to do - by enabling SubAuthentication, however this is not a
recommended configuration for the reasons given by Duane and David.
Cheers
Ken
--
Blog: www.adopenstatic.com/cs/blogs/ken/
Web: www.adopenstatic.com
"Duane Laflotte" <dlaflotte@criticalsites.com> wrote in message
news:%23YaXaHjYFHA.2508@TK2MSFTNGP15.phx.gbl...
: Ahh, Yup that matters. In IIS 5 (and prior) IIS was able to reset or
sync
: the password due to the fact that it ran as the local system account. Now
: in IIS 6, due to valid security concerns, IIS doesnt run as local system
and
: becuase of that doesnt have the access to the system to change the
anonymous
: password. I think you are going to have to sync this one by hand.
: Good Luck,
:
: --
: Duane Laflotte
: MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I
: dlaflotte@criticalsites.com
: http://www.criticalsites.com/dlaflotte
:
: "JoesCat" <JoesCat@discussions.microsoft.com> wrote in message
: news:7E09DD03-AB70-4C95-B76D-67A72B5C6850@microsoft.com...
: > Yeah, that's where I thought it would be, too. But, it's NOT!
: > This is Server 2003, in case that's the difference.
: >
: > I can fill in the username and password, but there is not a check box to
: > allow IIS to control it. I remember seeing a checkbox for that option
: > somewhere.
: >
: > I tried in the Default Web Site, and a virtual folder (autoupdate) in
this
: > case (this is an SUS server I'm troubleshooting.
: >
: > Thanks for your reply!
: > --
: > -Joe
: >
: >
: > "Duane Laflotte" wrote:
: >
: > > Joe,
: > > 1. Right click on your Virtual Directory or Web site in the IIS
: MMC
: > > and click properties
: > > 2. click the Directory Security tab
: > > 3. In the Anonymous access and authentication control box click
the
: > > Edit... button
: > > 4. Check off Allow IIS to control password.
: > >
: > > That should do it. Good luck,
: > >
: > > --
: > > Duane Laflotte
: > > MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I
: > > dlaflotte@criticalsites.com
: > > http://www.criticalsites.com/dlaflotte
: > >
: > > "JoesCat" <JoesCat@discussions.microsoft.com> wrote in message
: > > news:89982C2D-E8C3-4794-9526-08E5C3EAEA6F@microsoft.com...
: > > > I've seen it, I just don't remember where, the option to "allow IIS
to
: > > > control the anonymous user password" option is.
: > > >
: > > > --
: > > > -Joe
: > >
: > >
: > >
:
:
| |
| ablankert 2005-07-27, 5:54 pm |
|
'David Wang [Msft Wrote:
> ']We removed that feature from IIS6 due to security concerns.
>
> The feature would require IIS6 to run as LocalSystem, and since
> security is
> more important, IIS6 has to run as Network Service and hence the
> feature was
> removed from clean installs and disabled on upgrades. It should be
> synchronized by default, so few people should ever need to change it
> unless
> they start invalidating the anonymous user account, or if they upgrade
> from
> IIS5 with unsynchronized username/password.
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> //
>
I have the same problem:
I temporarily replaced the anonymous account by another account to
troubleshoot the possibility of permission problems. What steps should
I take to start using the anonymous account again? IIS is running many
other websites.
I manually changed the password as suggested above, but it appeared I
had to change the password for each and every virtual website in IIS.
An other way to do it, would be to delete the whole virtual website and
create it again?
Other suggestions?
--
ablankert
------------------------------------------------------------------------
ablankert's Profile: http://www.highdots.com/forums/member.php?userid=501
View this thread: http://www.highdots.com/forums/showthread.php?t=1306940
|
|
|
|
|