We recently migrated from a Win2k/iis5 web server to another server with
Win2k3/iis6.  For a virtual directory we have password protected an
individual file, disabled Anonymous access in iis for the file, removed the
anonymous user from NTFS perms on the file and added a new user in the NTFS
perms that people can use to access this file.  The problem is that when
someone browses the file by entering the new user credentials, links in the
file that go to anonymously accessible pages attempt access using the new
user credentials.  We only gave permissions for the new user on the one
protected file so when clicking on the links auth is asked for, it fails and
never attempts to use the anonymous user.  Why?  How can I change this?

Thanks in advance,
Matt

[ Post a follow-up to this message ]

I am not sure why you did not encounter that behavior before, as it is
not new to IIS 6.  Perhaps your anonymous access areas before were
ACL'd more loosely than your recall, such as with a grant to Users or
Network and Interactive.

--
Roger Abell
Microsoft MVP (Windows Server : Security)
MCDBA,  MCSE W2k3+W2k+Nt4
"Matt" <matt@nospam.com> wrote in message
news:uehadZdzGHA.1288@TK2MSFTNGP03.phx.gbl...
> We recently migrated from a Win2k/iis5 web server to another server with
> Win2k3/iis6.  For a virtual directory we have password protected an
> individual file, disabled Anonymous access in iis for the file, removed
> the anonymous user from NTFS perms on the file and added a new user in the
> NTFS perms that people can use to access this file.  The problem is that
> when someone browses the file by entering the new user credentials, links
> in the file that go to anonymously accessible pages attempt access using
> the new user credentials.  We only gave permissions for the new user on
> the one protected file so when clicking on the links auth is asked for, it
> fails and never attempts to use the anonymous user.  Why?  How can I
> change this?
>
> Thanks in advance,
> Matt
>

[ Post a follow-up to this message ]

Hi Roger,

Yes, your right.  The other servers permissions were looser, and that must
be why it was working.  Is there a way to have the anonymous access tried if
or when the current user is denied?

Thanks,
Matt

"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
news:uOPg%23DlzGHA.3752@TK2MSFTNGP02.phx.gbl...
>I am not sure why you did not encounter that behavior before, as it is
> not new to IIS 6.  Perhaps your anonymous access areas before were
> ACL'd more loosely than your recall, such as with a grant to Users or
> Network and Interactive.
>
> --
> Roger Abell
> Microsoft MVP (Windows Server : Security)
> MCDBA,  MCSE W2k3+W2k+Nt4
> "Matt" <matt@nospam.com> wrote in message
> news:uehadZdzGHA.1288@TK2MSFTNGP03.phx.gbl... 
>
>

[ Post a follow-up to this message ]