How to Authenticate a User Against All Trusted Domains

ID: Q168908

The information in this article applies to:
  • Microsoft Internet Information Server versions 2.0, 3.0, 4.0

SUMMARY

By default, Internet Information Server (IIS) validates an unqualified user logon ID against either the local computer's user database or the domain which the server is a member of. This article describes how to configure IIS to validate the unqualified user logon against all trusted domains and the user accounts database.


MORE INFORMATION

To configure IIS to validate the unqualified user logon against all trusted domains and the user accounts database, use the appropriate method:

IIS 4.0


Method 1
  1. Start the IIS Microsoft Management Console (MMC).


  2. Right-click the desired Web site, and then click Properties.


  3. Click the Directory Security tab, and then click Edit in the Anonymous Access and Authentication Control section.


  4. Click Edit for Default domain for basic authentication.


  5. In the Domain Name text box, type a single backslash, "\".


  6. Click OK three times to return to the Internet Service Manager MMC.




Method 2

You can also set the DefaultLogonDomain parameter for IIS 4.0. This parameter has been moved to the metabase for IIS version 4.0. To do this, run Adsutil.vbs from a command prompt, using the appropriate syntax below (depending on whether you want to set DefaultLogonDomain for all FTP sites, only the default FTP site, or other sites):
  • To set DefaultLogonDomain for all FTP sites, run the following command:
    adsutil set msftpsvc/DefaultLogonDomain "DomainName


  • To set DefaultLogonDomain for only the default FTP site, run the following command:
    adsutil set msftpsvc/1/DefaultLogonDomain "DomainName


  • To set DefaultLogonDomain for any other site, use the same syntax as the default FTP site above, but change the "1" parameter to the appropriate service number.



For additional information, please see the following article in the Microsoft Knowledge Base:
Q184319 FTP Service's DefaultLogonDomain Not Available in MMC

IIS 2.0 and 3.0

WARNING: Using Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk.
  1. Run Registry Editor (Regedt32.exe).


  2. Go to the following key in the registry:
    
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<ServiceName>\Parameters
    where <ServiceName> is:
    
      MSFTPSVCFTP Service
      GOPHERSVCgopher Service
      W3SVC        WWW Service


  3. On the Edit menu, click Add Value, and use the following entry:
    
      Value Name: DefaultLogonDomain
      Data Type:  REG_SZ
      Value:      Domain Name


  4. Exit Registry Editor, and then restart the computer for the change to take effect.


Additional query words:

Keywords :
Version : winnt:2.0,3.0,4.0
Platform : winnt
Issue type : kbhowto


Last Reviewed: September 2, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.