Configuring Subauthentication After Upgrading to IIS 6.0
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
When you upgrade a server to IIS 6.0 from an earlier version of IIS that uses subauthentication to manage passwords on anonymous accounts, subauthentication is enabled by default. The AnonymousPasswordSync Metabase Property is set to true. However, two additional configuration tasks must be completed before subauthentication will work correctly in IIS 6.0. Your event log should have entries about this.
Important
You must be a member of the Administrators group on the local computer to run scripts and executables. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run your script or executable as an administrator. At a command prompt, type runas /profile /User:MyComputer</STRONG>Administrator cmd to open a command window with administrator rights and then type cscript.exe ScriptName (include the script's full path and any parameters).
Procedures
To configure subauthentication after upgrading to IIS 6.0 from an earlier version of IIS configured to use subauthentication
Register Iisuba.dll by opening a command prompt and then typing the following:
rundll32 %windir%\system32\iissuba.dll,RegisterIISSUBA
Run all worker processes that use Anonymous authentication as LocalSystem. For more information about configuring worker process identities, see Configuring Worker Process Identities.
Related Information
For information about configuring subauthentication on a clean installation of IIS 6.0, see Configuring Subauthentication on a New Installation of IIS 6.0.
For information about configuring subauthentication on a new installation of IIS 6.0 that is configured to run in IIS 5.0 isolation mode, see Configuring Subauthentication in IIS 5.0 Isolation Mode.