[miku]

Hi Guys,

I have installed IIS and there seems to be the following stupid problem.

Suppose I have some files in C:\inetpub\wwwroot folder that i want to access using IP like http://IP/file

Now each time I do this it ask me for my password and only when I enter my admin/password it lets me access the file.

I want anonymous access to the sites. I hav enabled anonymous access in IIS config, but it keeps asking me for pass again and again.

Please let me know how to configure this.

Thanks

[DS3Circuit]

Could be a couple of things ...

1. Have you changed the default permissions for your site in the ISM MMC snapin. By default, all non-administrative sites have read access to the IUSER account.

2. You check NTFS permissions in the folders/files so that the annonymous user account IUSER has appropriate access.

[miku]

Thanks,

What I did was added Everyone to access that wwroot folder with read only permission.

But just to clarify something. I always thought that these permission were local to the machine and had nothing to do with remote access. What do you say?

[DS3Circuit]

Nah not at all

These are permissions for ANYONE who interacts with the file system.

Including local, shared folders, published folders, ftp access ... and so on

[Atreyu]

In addition to the appropriate NTFS permissions being granted to the anonymous account on the files in question, the anonymous account must have log-on locally privileges, set in the local group policy snap-in. On domain controllers this privilege is not granted to the IUSR account.

[duhmez]

Logon locally rights doesnt sound right to me for web access on domain contorllers. If this is true then IIS web access will be denied for all users on domain controllers by default, which I don't believe is the default.

Correct me if I'm wrong.........

[clutch]

Quote:

Logon locally rights doesnt sound right to me for web access on domain contorllers. If this is true then IIS web access will be denied for all users on domain controllers by default, which I don't believe is the default.

Correct me if I'm wrong.........

This is another reason why you shouldn't install IIS on a domain controller, as the IIS anonymous user account is typically added by default. Here's a screencap of my DC that has IIS on it (hardened with IISLockdown/URLScan):



As you can see, there's an "IUSR_blah" account under logon on locally, and that is automatically created by default. This is another reason why FTP under IIS while on a DC doesn't work be default, because the users need logon locally rights in order to access the box. It would *seem* like logon from a network permissions would be enough, but they aren't.

[duhmez]

My bad.