Disabling Anonymous Access for an Application, Virtual Directory, or Web Site
Updated: August 22, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
Integrated Windows authentication is the default authentication method for Windows Server 2003 operating systems. It is required for applications, virtual directories, or Web sites that use URL authorization. Anonymous access is not permitted.
|You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /user:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".|
In IIS Manager, expand the local computer and then expand the Web Sites folder.
Do one of the following:
Expand the Web site that contains the application for which you want to configure URL authorization, right-click the application directory, and then click Properties.
Expand the Web site that contains the virtual directory for which you want to configure URL authorization, right-click the virtual directory, and then click Properties.
Right-click the Web site where you want to configure URL authorization, and then click Properties.
Click the Directory Security tab, and in the Authentication and access control section, click Edit.
Clear Enable anonymous access, ensure that Integrated Windows authentication is checked in the Authenticated access section, and then click OK.
For more information about Integrated Windows authentication, see Integrated Windows Authentication in IIS 6.0.