Simple anonymous access question

I have what I think is a simple question but I am finding nothing but
complicated answers.

I have a web site running on IIS6. One directory used to use an
alternate account as the anonymous user (not the IUSR_ServerName
account) to connect to a database, etc. Now the pages in that
directory no longer do anything special and I just want to start using
the default IUSR_ServerName account again. I put that account back in,
but what do I put in as the password? I am reading all about security
improvements, network service vs. local system, unprivileged vs.
privileged, etc. I realize there is no longer a "Let IIS control
password for anonymous account" option, but all I want to know is, HOW
DO YOU GET IT BACK TO THE DEFAULT???

Mar 31 '06 #1
(Sorry I realized I unintentionally posted this to the ASP newsgroup)
Ok, I have figured this out - it may not be the best way, so feel free
to comment. I downloaded the IIS Metabase Explorer (included in the
IIS6.0 resource kit from microsoft.com -
http://www.microsoft.com/downloads/d...DisplayLang=en)
Using metabase explorer, I navigated to (servername) -> LM -> W3SVC and
found the property AnonymousUserPass. By default, it doesn't display
secured data, so you have to select View -> Secure Data. Because I
didn't want to reconfigure all of my sites, I didn't want to change
this password, so I copied it and pasted it into IIS where you set the
anonymous account and password. Voila, everything was happy.

This seems silly to me for a couple of reasons. First, every document
I found said you have two options to fix this - enable
sub-authentication and run the directory as LocalSystem (effectively
disabling much of the security enhancements of IIS6.0), or edit the
metabase and change the password to a value known by you. The former
option is a complicated and unnecessary solution to a simple problem.
The latter option would require you to reset the password in IIS on
every site (and every folder in every site using a different
authentication method or account than the main site). Why didn't I
ever find a document that described what I did, which seems to me to be
the easiest way to just get back to the default?!

Another concern is that the password is stored in the metabase in plain
text. (Oh, but that's ok, because no hacker could ever figure out
using metabase explorer and figure out the option of view -> secure
data.?!?!?) Now I know that the IUSR account should have virtually no
privileges other than to read websites, but still, the concept of
storing an account's password in plain text is always disconcerting.

Another concern is the ability to take down every single website on
your server using anonymous access by editing your metabase and
changing the AnonymousUserPass property. Sounds like a hacker's dream
come true to me (granted, if they had access to your metabase, there's
probably lots worse things they could do...)

Please correct me in my assumptions if I am incorrect in anything I
have said - I am moving from IIS5 to IIS6, so I'm still learning the
ins and outs of IIS6.

Mar 31 '06 #2
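
An added example, not part of the original posts: before changing the anonymous account at LM/W3SVC, an administrator can list which sites and folders set their own anonymous user or password and would therefore not follow the service-level default. The sketch assumes a copy of MetaBase.xml in which each metabase key is an element with a `Location` attribute and its properties as attributes; the sample data, host and account names, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like an IIS 6 MetaBase.xml (assumed layout: one
# element per metabase key, properties as attributes). Secrets are placeholders.
SAMPLE = """<configuration><MBProperty>
<IIsWebService Location="/LM/W3SVC" AnonymousUserName="IUSR_WEB01"
               AnonymousUserPass="(placeholder)"/>
<IIsWebServer Location="/LM/W3SVC/1" ServerComment="Default Web Site"/>
<IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT"/>
<IIsWebDirectory Location="/LM/W3SVC/1/ROOT/reports" AnonymousUserName="dbreader"
                 AnonymousUserPass="(placeholder)"/>
<IIsWebDirectory Location="/LM/W3SVC/1/ROOT/reports/old"/>
<IIsWebServer Location="/LM/W3SVC/2" AnonymousUserName="iusr_web01"/>
</MBProperty></configuration>"""

def load_keys(xml_text):
    """Map upper-cased Location -> (Location as written, attribute dict)."""
    keys = {}
    for el in ET.fromstring(xml_text).iter():
        loc = el.get("Location")
        if loc:
            keys[loc.upper()] = (loc, dict(el.attrib))
    return keys

def effective_user(keys, location):
    """Walk up the key path until some key sets AnonymousUserName (inheritance)."""
    path = location.upper()
    while path:
        loc, attrs = keys.get(path, (None, {}))
        if "AnonymousUserName" in attrs:
            return attrs["AnonymousUserName"], loc
        path = path.rpartition("/")[0]
    return None, None

def audit(xml_text, root="/LM/W3SVC"):
    """List keys below root that set their own anonymous user or password."""
    keys = load_keys(xml_text)
    default = (effective_user(keys, root)[0] or "").upper()
    findings = []
    for upper, (loc, attrs) in sorted(keys.items()):
        if not upper.startswith(root.upper() + "/"):
            continue
        user, has_pw = attrs.get("AnonymousUserName"), "AnonymousUserPass" in attrs
        if user is None and not has_pw:
            continue  # nothing set locally: inherits from its parent key
        findings.append({"location": loc, "user": user, "local_password": has_pw,
                         "differs_from_default": bool(user) and user.upper() != default})
    return findings
```

The report never reads or prints the stored password value, only whether a key carries one of its own; account names are compared case-insensitively, as Windows does.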
