We have a clustered application that required the use of a specific account
for anonymous access.  The application was configured with a local user
account on each node in the cluster and has been working correctly since
November.  This week 2 situations occured that caused both nodes in the
cluster to fail simultaniously.  The issue was traced back to the fact that
the account setup in IIS had been replaced back with the IUSR_Machinename
account.  The machines are tightly controlled and have very limited access
for someone to be able to make a change of this nature.
Is it possible that a windows security patch could have reset this account?
We automate our patching and keep up to date with new patches as they are
released.  The latest round of patches were installed on the 20th Feb.  If
this is not possible could it be something within the cluster that changed
the user account back? (I am doubting this to be the case since the server
has  been running since November without incident).

Any help on this issue is much appreciated.

Steve

[ Post a follow-up to this message ]

As far as I'm aware, no patch should reset these settings. Did you apply any
security templates, or restore a metabase?

are you able to repeat this to pin down what caused it, or is this a
production box? Or can you supply the exact patch details so someone else
can replicate?


--
Jason Brown
Microsoft GTSC, IIS

This posting is provided "AS IS" with no warranties, and confers no rights.




"Steve Marshall" <Steve Marshall@discussions.microsoft.com> wrote in message
news:AD977CC2-30D7-4F23-94E3-F5F467191BEC@microsoft.com...
> We have a clustered application that required the use of a specific
> account
> for anonymous access.  The application was configured with a local user
> account on each node in the cluster and has been working correctly since
> November.  This week 2 situations occured that caused both nodes in the
> cluster to fail simultaniously.  The issue was traced back to the fact
> that
> the account setup in IIS had been replaced back with the IUSR_Machinename
> account.  The machines are tightly controlled and have very limited access
> for someone to be able to make a change of this nature.
> Is it possible that a windows security patch could have reset this
> account?
> We automate our patching and keep up to date with new patches as they are
> released.  The latest round of patches were installed on the 20th Feb.  If
> this is not possible could it be something within the cluster that changed
> the user account back? (I am doubting this to be the case since the server
> has  been running since November without incident).
>
> Any help on this issue is much appreciated.
>
> Steve

[ Post a follow-up to this message ]