Setting the Default Logon Domain

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

Users authenticated with Basic authentication must log on with a valid Windows user name and password. The user name usually includes:

  • A Windows domain name.

  • An account user name.

Important

You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".

Procedures

To set the default logon domain

  1. In IIS Manager, right-click the Web Sites folder, Web site, directory, virtual directory, or file, and click Properties.

Note

Configuration settings made at the Web Sites folder level can be inherited by all Web sites.

  1. Click the Directory Security or File Security tab, depending on the level at which you want to configure security settings.

  2. In the Anonymous access and authentication control section, click Edit.

  3. In the Authenticated access section, select the Basic authentication check box.

  4. Because Basic authentication sends passwords over the network unencrypted, a dialog box appears, asking if you want to proceed. Click Yes to proceed.

  5. In the Default domain box, either type the domain name you want to use, or click Select to browse to a new default logon domain. If the Default domain box is filled in, the name is used as the default domain. If the Default domain box is left empty, IIS uses the domain of the computer that is running IIS as the default domain. IIS configures the value of the DefaultLogonDomain Metabase Property, which determines the default domain used to authenticate clients accessing your IIS server using Basic authentication. However, the domain specified by DefaultLogonDomain is used only when a client does not specify a domain in the logon dialog box that appears on the client computer.

  6. Click OK twice.