Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

IIS

1 view
Skip to first unread message

Patrick Whittle

unread,
May 30, 2009, 6:26:06 PM5/30/09
to
If I point someone to my server as root ( like http://22.50.209.50/ ) will
the server prompt for user/password by default? People can currently get in
without password prompts, but only if the URL has a sub-folder in it.

Exmpl: http://22.50.209.50/usr


Chris Crowe [IIS MVP]

unread,
May 30, 2009, 11:48:11 PM5/30/09
to
In article <#xP5fWX4...@TK2MSFTNGP03.phx.gbl>,
patrick...@hotmail.com says...

Hi Patrick

This is not normal behavour but you may have configured your server to
allow this:

Things to check:

Authentication scheme at the root - are you allowing anonymous?

What version of IIS are you running?

The IIS Anonymous user account (depends on version and how IIS is
configured) needs access to the files on the disk.

So maybe it does not have access to the root folder - someone may have
removed NTFS permissions for the anonymous user account.

On IIS 5 or IIS 6 (running in IIS 5 Compatibility mode) there is an
account called IUSR_computer name.

IIS6 running in Native Mode has an account called ASPNET (if you are
running ASP.NET) otherwise IUSR_Computer name.

IIS7 has an account called IUSR (or it can be configured with the
application pool identity which defaults to NETWORK_SERVICE but you can
change that.

A simple test may be to run a tool called AUTHDIAG and it can be
downloaded here.

http://www.microsoft.com/DOWNLOADS/details.aspx?FamilyID=e90fe777-4a21-
4066-bd22-b931f7572e9a&displaylang=en

Note: AUTHDIAG may not be that usefull but probably worth a look.

Chris


--
---------------------
Chris Crowe [IIS MVP]
http://blog.crowe.co.nz

Patrick Whittle

unread,
May 31, 2009, 1:16:19 PM5/31/09
to
The guest account is disabled, so there should not be anonymous access
allowed... Right?
Will the the IUSR_computername account help remedy this? If so, do we need
to manually maintain a database (DHCP/DNS) of all computer names?
The version of IIS I am running is 6.0

"Chris Crowe [IIS MVP]" <bl...@crowe.co.nz> wrote in message
news:MPG.248cc523e...@news.microsoft.com...

Chris Crowe [IIS MVP]

unread,
Jun 1, 2009, 12:44:47 AM6/1/09
to
In article <e6WxEOh4...@TK2MSFTNGP06.phx.gbl>,
patrick...@hotmail.com says...

I may be on the wrong wave length here - do yo want to allow ro restrict
access to anonymous users?

If you want to deny anonymous users you simply can change the
authentication to not allow anonymous - you do not need to disable the
account

Select the web site - right click and select properties.
Go to the Directory Security tab and under "Authentication and Access
Control" section just remove the tick from "Allow anonymous access"

0 new messages