Security

Anonymous Authentication and Allow IIS to Control Password

Prior to IIS 4.0, the administrator had to make sure the anonymous user account passwords were the same in both the Internet Services Manager tool and the Windows User Manager. Failure to do so led to logon failures. To solve this dilemma, Password Synchronization was introduced in IIS 4.0 in order to make administration easier.

Password Synchronization uses a slightly different logon method, which has some side effects that will be explained in detail later. By default, IIS password control is enabled. The following figure shows the password control option.

See the following:

• Allowing IIS 5.0 to Control the Anonymous Password
• Not Allowing IIS to Control the Anonymous Password
• The Side Effect of Allowing IIS to Control the Anonymous Password

© 1997-1999 Microsoft Corporation. All rights reserved.