Share via


Configuring Subauthentication After Upgrading to IIS 6.0

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

When you upgrade a server to IIS 6.0 from an earlier version of IIS that uses subauthentication to manage passwords on anonymous accounts, subauthentication is enabled by default. The AnonymousPasswordSync Metabase Property is set to true. However, two additional configuration tasks must be completed before subauthentication will work correctly in IIS 6.0. Your event log should have entries about this.

Important

You must be a member of the Administrators group on the local computer to run scripts and executables. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run your script or executable as an administrator. At a command prompt, type runas /profile /User:MyComputer</STRONG>Administrator cmd to open a command window with administrator rights and then type cscript.exe ScriptName (include the script's full path and any parameters).

Procedures

To configure subauthentication after upgrading to IIS 6.0 from an earlier version of IIS configured to use subauthentication

  1. Register Iisuba.dll by opening a command prompt and then typing the following:

    rundll32 %windir%\system32\iissuba.dll,RegisterIISSUBA

  2. Run all worker processes that use Anonymous authentication as LocalSystem. For more information about configuring worker process identities, see Configuring Worker Process Identities.