During installation, Internet Information Server creates IUSR_computername, a standard user account, as the user name for all anonymous access. A random password is generated for IUSR_computername. Just like any user account, the account is added to the local or domain directory database and can be modified by using User Manager.
The role of a server—as a primary domain controller (PDC), backup domain controller (BDC), or stand-alone server—influences how IUSR_computername user accounts are created and used by Internet Information Server.
If Internet Information Server is installed on a primary domain controller or backup domain controller, the IIS server user account is automatically added to the domain directory services database. All computers in that domain have access to validated users listed in the domain directory services database. The IUSR_computername account automatically becomes a domainwide account and can access resources across the domain.
If Internet Information Server is installed on a stand-alone member server, the IUSR_computername account is a local account. Computers in its domain cannot validate user accounts created on the stand-alone server. To enable access to resources on other servers in the domain if you have installed Internet Information Server on a stand-alone member server, change the default IUSR_computername account to an account with domainwide permissions.
The server role of the computer on which Internet Information Server is installed affects the authority of the IUSR_computername account created during setup. Table 3.1 summarizes these effects.
Table 3.1 Effect of Server Role on IUSR_computername Account Authority
Server role | Anonymous user account created | Account authority |
Member server | Local_computer\IUSR_computername | Local only |
BDC | Domain\IUSR_computername | Domain |
PDC | Domain\IUSR_domainname | Domain |