|
Home > Archive > IIS Server Security > July 2006 > Problem with Anonymous Access
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Problem with Anonymous Access
|
|
| Jennifer 2006-07-14, 1:19 pm |
| I have a new Windows 2003 server with IIS. I have set up the default web
page with anonymous access. Everything works fine for a day, but something
happens overnight and my anonymous access quits working. When I try
accessing the site, I am asked for the user id, password, and domain. If I
restart IIS, the anonymous access works again and I can open the site without
it asking for my user info. I cannot find any errors in event viewer or the
logs. Any suggestions would be appreciated.
Jennifer
| |
| David Wang [Msft] 2006-07-15, 1:21 am |
| Read this for what Anonymous Access actually means:
http://blogs.msdn.com/david.wang/ar...
mous_User.aspx
If the machine is joined to the domain, start looking for Group Policy
restrictions against the Anonymous user.
For example, some policies slap time restrictions or logon hours on the
group containing the Anonymous user -- so it works... for a while, and then
it won't work until you re-login (which you are doing by restarting IIS to
flush the cached user token and re-login).
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Jennifer" <Jennifer@discussions.microsoft.com> wrote in message
news:EDD2F0D1-6172-4CAF-AC96-111098A4E87B@microsoft.com...
>I have a new Windows 2003 server with IIS. I have set up the default web
> page with anonymous access. Everything works fine for a day, but
> something
> happens overnight and my anonymous access quits working. When I try
> accessing the site, I am asked for the user id, password, and domain. If
> I
> restart IIS, the anonymous access works again and I can open the site
> without
> it asking for my user info. I cannot find any errors in event viewer or
> the
> logs. Any suggestions would be appreciated.
>
> Jennifer
| |
| Jennifer 2006-07-17, 1:19 pm |
| I have a question regarding the account I use for Anonymous Access. I have a
DC that has a domain IUSR_machine name and I also have a member server with
its own IUSR_machine name. My member server's IUSR account is not listed in
AD. Which user account should I be using on my member server? I noticed in
the local policy on the member server that it has the domain IUSR listed in
serveral places.
Jennifer
"David Wang [Msft]" wrote:
> Read this for what Anonymous Access actually means:
> http://blogs.msdn.com/david.wang/ar...
mous_User.aspx
>
> If the machine is joined to the domain, start looking for Group Policy
> restrictions against the Anonymous user.
>
> For example, some policies slap time restrictions or logon hours on the
> group containing the Anonymous user -- so it works... for a while, and then
> it won't work until you re-login (which you are doing by restarting IIS to
> flush the cached user token and re-login).
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no rights.
> //
>
> "Jennifer" <Jennifer@discussions.microsoft.com> wrote in message
> news:EDD2F0D1-6172-4CAF-AC96-111098A4E87B@microsoft.com...
>
>
>
| |
| Jennifer 2006-07-18, 1:28 pm |
| I finally think I have things figured out. The domain policy was overwriting
the following rights:
- Access this computer from the network
- Allow logon locally
- Log on as a batch job
The policy was removing the machine's IUSR account and replacing it with
domain accounts. I turned off the three policy settings and everything seems
to be working again.
Thanks.
Jennifer
"David Wang [Msft]" wrote:
> Read this for what Anonymous Access actually means:
> http://blogs.msdn.com/david.wang/ar...
mous_User.aspx
>
> If the machine is joined to the domain, start looking for Group Policy
> restrictions against the Anonymous user.
>
> For example, some policies slap time restrictions or logon hours on the
> group containing the Anonymous user -- so it works... for a while, and then
> it won't work until you re-login (which you are doing by restarting IIS to
> flush the cached user token and re-login).
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no rights.
> //
>
> "Jennifer" <Jennifer@discussions.microsoft.com> wrote in message
> news:EDD2F0D1-6172-4CAF-AC96-111098A4E87B@microsoft.com...
>
>
>
|
|
|
|
|