Changing the Account Used for Anonymous Authentication
Updated: August 22, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
You can change the account that is used for Anonymous authentication in IIS Manager, either at the Web server service level or for individual virtual directories and files. You can also change the security settings for the IUSR_computername account in Windows by using the Group Policy Manager snap-in of the Microsoft Management Console (MMC). However, if the anonymous user account does not have permission to access a specific file or resource, your Web server will refuse to establish an anonymous connection for that resource. For more information, see Securing Sites with Web Site Permissions.
|When you change the IUSR_computername account, the changes affect every anonymous HTTP request that a Web server processes. Use caution if you modify this account.|
|You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /user:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".|
In IIS Manager, double-click the local computer; right-click the Web Sites folder, an individual Web site folder, a virtual directory, or a file; and then click Properties.
Note Configuration settings made at the Web Sites level are inherited by all of the Web sites on the server. You can override inheritance by configuring the individual site or site element.
Click the Directory Security or File Security tab, and then, in the Authentication and access control section, click Edit.
Select the Enable anonymous access check box.
Click Browse and type or browse to the valid Windows user account that you want to use for anonymous access.
Click OK three times.