Jump to content
Compatible Support Forums
Sign in to follow this  
miku

IIS and anonymous login

Recommended Posts

Hi Guys,

 

I have installed IIS and there seems to be the following stupid problem.

 

Suppose I have some files in C:\inetpub\wwwroot folder that i want to access using IP like http://IP/file

 

Now each time I do this it ask me for my password and only when I enter my admin/password it lets me access the file.

 

I want anonymous access to the sites. I hav enabled anonymous access in IIS config, but it keeps asking me for pass again and again.

 

Please let me know how to configure this.

 

Thanks

Share this post


Link to post

Could be a couple of things ...

 

1. Have you changed the default permissions for your site in the ISM MMC snapin. By default, all non-administrative sites have read access to the IUSER account.

 

2. You check NTFS permissions in the folders/files so that the annonymous user account IUSER has appropriate access.

Share this post


Link to post

Thanks,

 

What I did was added Everyone to access that wwroot folder with read only permission.

 

But just to clarify something. I always thought that these permission were local to the machine and had nothing to do with remote access. What do you say?

Share this post


Link to post

Nah not at all

 

These are permissions for ANYONE who interacts with the file system.

 

Including local, shared folders, published folders, ftp access ... and so on

Share this post


Link to post

In addition to the appropriate NTFS permissions being granted to the anonymous account on the files in question, the anonymous account must have log-on locally privileges, set in the local group policy snap-in. On domain controllers this privilege is not granted to the IUSR account.

Share this post


Link to post

Logon locally rights doesnt sound right to me for web access on domain contorllers. If this is true then IIS web access will be denied for all users on domain controllers by default, which I don't believe is the default.

 

Correct me if I'm wrong.........

Share this post


Link to post
Quote:
Logon locally rights doesnt sound right to me for web access on domain contorllers. If this is true then IIS web access will be denied for all users on domain controllers by default, which I don't believe is the default.

Correct me if I'm wrong.........


This is another reason why you shouldn't install IIS on a domain controller, as the IIS anonymous user account is typically added by default. Here's a screencap of my DC that has IIS on it (hardened with IISLockdown/URLScan):

logon-policy.gif

As you can see, there's an "IUSR_blah" account under logon on locally, and that is automatically created by default. This is another reason why FTP under IIS while on a DC doesn't work be default, because the users need logon locally rights in order to access the box. It would *seem* like logon from a network permissions would be enough, but they aren't.

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×