The information in this article applies to:
SYMPTOMSIn Internet Information Server (IIS), you can allow only domain users to access most of the web pages and anonymous users to access specific public web pages using NTFS security permissions. However, you cannot do this if the Internet Information Server is installed on a primary domain controller (PDC). CAUSEIn IIS, you can allow both anonymous and domain users to access the web pages if you select "allow Anonymous" and "Windows NT Challenge/Response" in WWW Service Properties. You can then use the NTFS security permissions to specify access to the Web server contents. IIS creates a special account called IUSR_<ComputerName> for anonymous logons. However, if you install IIS on a PDC, the IUSR_<ComputerName> account becomes a member of Domain Users. As a result, anonymous users have the same access as the Domain Users. RESOLUTION
To correct this problem, remove IUSR_<ComputerName> from Domain User
global group and add it to the Guest group using User Manager for Domains.
Additional query words: prodiis
Keywords : kbnetwork iissecurity |
Last Reviewed: April 30, 1999 © 2000 Microsoft Corporation. All rights reserved. Terms of Use. |