Allowing Anonymous Access to Web Sites
Updated: August 22, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
Anonymous access, the most common Web site access control method, allows anyone to visit the public areas of your Web sites. In IIS 6.0, anonymous users are assigned by default to the IUSR_computername account, which is a valid Windows account that is a member of the Guests group. The IUSR_computername account can be defined on a computer or on a domain.
Change the account used for anonymous authentication. For more information, see Changing the Account Used for Anonymous Authentication.
Assign the following NTFS permissions on the Web site directory for the anonymous account: Read & Execute, List Folder Contents, and Read. When setting permissions on a Web site, be aware that all subfolders and files inherit these permissions by default. For more information about changing NTFS permissions on a Web site directory, see Setting NTFS Permissions for Directories or Files and "Access Control" in Help and Support Center for Windows Server 2003.
For security reasons, in order to run most executables (such as Cmd.exe) in the system folder, you must be a member of the Administrators group, the LocalSystem, Interactive, or Service account. Because this limits remote access to administrators, an anonymous user will not be able to run these executables (such as a CGI program).
|In IIS 6.0, the IUSR_COMPUTERNAME account has been denied write access to Web content by default.|
For information about creating a user account, see "Creating user and group accounts" in Help and Support Center for Windows Server 2003.
For information about modifying user rights, see "Edit Local Security Settings" or "Edit a Security Setting on a Group Policy Object" in Help and Support Center for Windows Server 2003.