I have a web server (2003) IIS6
Whenever a different computer connects to the web site, they get a username
and password request, but "Enable anonymous access" is on for the web site.
If I remove the option "Integrated Windows authentication" then the page
immediately fails to load with "You are not authorized to view this page".
I have come to the conclusion that there are "NTFS access control lists"
that are affecting the logon. That could be because this server was
originally configured as a domain controller with Active Directory. I have
since demoted the machine. When I go through the "Active Directory Users and
Computers" it is empty.
Everything else is working fine I just need anonymous access for remote
users.

Can anyone help?

[ Post a follow-up to this message ]

So it's a member server now ?  if you go to computer management do you see
local users ?
if yes, in the NTFS config screen, just grant permissions to the
iusr_computername account.

--
Regards,
Bernard Cheah
http://www.microsoft.com/iis/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/


"Paul" <pauln.o.s.p.a.m@laberg.com.au> wrote in message
news:%23rUXQcMjFHA.3448@TK2MSFTNGP10.phx.gbl...
>I have a web server (2003) IIS6
> Whenever a different computer connects to the web site, they get a
> username and password request, but "Enable anonymous access" is on for the
> web site.
> If I remove the option "Integrated Windows authentication" then the page
> immediately fails to load with "You are not authorized to view this page".
> I have come to the conclusion that there are "NTFS access control lists"
> that are affecting the logon. That could be because this server was
> originally configured as a domain controller with Active Directory. I have
> since demoted the machine. When I go through the "Active Directory Users
> and Computers" it is empty.
> Everything else is working fine I just need anonymous access for remote
> users.
>
> Can anyone help?
>

[ Post a follow-up to this message ]

Yes it is a member server now and I see local users through the computer
management interface.
This is going to sound like a really dumb question but here it goes...
Where do I find the NTFS config screen you mentioned? If I search in the
help that was loaded onto the server I get 0 responses for "NTFS
configuration". Under the local user I can't see a way to grant IUSR_
access. Is it under Local Security settings?

Thanks for the help.

"Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message
news:%23b8oejQjFHA.3784@tk2msftngp13.phx.gbl...
> So it's a member server now ?  if you go to computer management do you see
> local users ?
> if yes, in the NTFS config screen, just grant permissions to the
> iusr_computername account.
>
> --
> Regards,
> Bernard Cheah
> http://www.microsoft.com/iis/
> http://www.iiswebcastseries.com/
> http://www.msmvps.com/bernard/
>
>
> "Paul" <pauln.o.s.p.a.m@laberg.com.au> wrote in message
> news:%23rUXQcMjFHA.3448@TK2MSFTNGP10.phx.gbl... 
>
>

[ Post a follow-up to this message ]

This explains why you can get "access denied" when anonymous access is
enabled:
http://blogs.msdn.com/david.wang/ar...ymous_User.aspx

This explains some reasons why anonymous access is not working:
http://blogs.msdn.com/david.wang/ar.../>
Denied.aspx

Right now, it sounds like you have somehow configured the IIS anonymous user
account to be an invalid username/password, so IIS fails to logon using that
identity and anonymous authentication fails with access denied.

The solution is to sync up that anonymous user credential in IIS with
reality. How you do this is completely up to you -- you choose the anonymous
user credential and then make sure it has file system ACL for access --
reasoning is all described by the above blog entries

From explorer, you can select and right click Properties on the selected
files/folders to view/edit/change its NTFS ACLs.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Paul" <pauln.o.s.p.a.m@laberg.com.au> wrote in message
news:en$OlmRjFHA.3300@TK2MSFTNGP15.phx.gbl...
Yes it is a member server now and I see local users through the computer
management interface.
This is going to sound like a really dumb question but here it goes...
Where do I find the NTFS config screen you mentioned? If I search in the
help that was loaded onto the server I get 0 responses for "NTFS
configuration". Under the local user I can't see a way to grant IUSR_
access. Is it under Local Security settings?

Thanks for the help.

"Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message
news:%23b8oejQjFHA.3784@tk2msftngp13.phx.gbl...
> So it's a member server now ?  if you go to computer management do you see
> local users ?
> if yes, in the NTFS config screen, just grant permissions to the
> iusr_computername account.
>
> --
> Regards,
> Bernard Cheah
> http://www.microsoft.com/iis/
> http://www.iiswebcastseries.com/
> http://www.msmvps.com/bernard/
>
>
> "Paul" <pauln.o.s.p.a.m@laberg.com.au> wrote in message
> news:%23rUXQcMjFHA.3448@TK2MSFTNGP10.phx.gbl... 
>
>

[ Post a follow-up to this message ]

Yes, as David pointed out, you grant the NTFS permission via windows
explorer, here's the similar steps in IIS5.
How To Use NTFS Security to Protect a Web Page Running on IIS 4.0 or 5.0
http://support.microsoft.com/?id=299970

--
Regards,
Bernard Cheah
http://www.microsoft.com/iis/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/


"Paul" <pauln.o.s.p.a.m@laberg.com.au> wrote in message
news:en$OlmRjFHA.3300@TK2MSFTNGP15.phx.gbl...
> Yes it is a member server now and I see local users through the computer
> management interface.
> This is going to sound like a really dumb question but here it goes...
> Where do I find the NTFS config screen you mentioned? If I search in the
> help that was loaded onto the server I get 0 responses for "NTFS
> configuration". Under the local user I can't see a way to grant IUSR_
> access. Is it under Local Security settings?
>
> Thanks for the help.
>
> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message
> news:%23b8oejQjFHA.3784@tk2msftngp13.phx.gbl... 
>
>

[ Post a follow-up to this message ]