For successful user identification, authentication, and logon, Internet Information Server goes through a five-step process. During this process, Internet Information Server checks that:
1. The supplied user name and password are valid.
2. There are no specific account restrictions in place.
3. The account is not disabled or locked out.
4. The account password has not expired.
The user is following the correct logon protocol, either local or network.
Of the five situations listed above, the last — using an incorrect logon protocol — is the most common reason that a user cannot access the WWW or FTP service. (The Gopher service only requires anonymous authentication.) For more information on authentication, see Chapter 3, "Server Security on the Internet," in the Windows NT Server Internet Guide.