Configuring Subauthentication in a Windows 2000 Domain

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

To use Digest authentication in IIS 6.0 when the domain controller is running Windows 2000 Server, you must enable subauthentication, which is not installed by default on IIS 6.0. There are three steps required to enable subauthentication:

Important

You must be a member of the Administrators group on the local computer to run scripts and executables. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run your script or executable as an administrator. At a command prompt, type runas /profile /User:MyComputer\Administrator cmd to open a command window with administrator rights and then type cscript.exe ScriptName (include the script's full path and any parameters).

Procedures

To register the subauthentication component

  1. From the Start menu, click Run.

  2. In the Open box, type cmd, and then click OK.

  3. At the command prompt, type the following and then press ENTER:

    rundll32 %systemroot%\system32\iissuba.dll,RegisterIISSUBA

  4. For any application pools that use Digest authentication, set the identity as LocalSystem.

When you no longer want to use subauthentication, unregister the subauthentication component.

To unregister the subauthentication component

  1. From the Start menu, click Run.

  2. In the Open box, type cmd, and then click OK.

  3. At the command prompt, type the following and then press ENTER:

    rundll32 %systemroot%\system32\iissuba.dll,UnregisterIISSUBA
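
Step 4 of the registration procedure changes application pool identities to LocalSystem. The following script is an added example, not part of the original page: it lists each application pool with its configured identity, so you can confirm the change and, after unregistering, see which pools still run as LocalSystem. It assumes the IIS 6.0 ADSI provider and the AppPoolIdentityType metabase property; the file name is hypothetical.

```vbscript
' ListAppPoolIdentities.vbs (hypothetical file name) - added example.
' Lists every IIS 6.0 application pool with its configured identity and
' counts the pools that run as LocalSystem.
Option Explicit

' AppPoolIdentityType values in the IIS 6.0 metabase
Const LOCAL_SYSTEM = 0
Const LOCAL_SERVICE = 1
Const NETWORK_SERVICE = 2
Const SPECIFIC_USER = 3

Dim pools, pool, localSystemCount
localSystemCount = 0

' Open the application pool container; fail clearly if IIS is not reachable.
On Error Resume Next
Set pools = GetObject("IIS://localhost/W3SVC/AppPools")
If Err.Number <> 0 Then
    WScript.Echo "Cannot open the IIS metabase: " & Err.Description
    WScript.Quit 2
End If
On Error GoTo 0

For Each pool In pools
    ' Skip anything under the container that is not an application pool.
    If pool.Class = "IIsApplicationPool" Then
        WScript.Echo pool.Name & vbTab & IdentityName(pool)
        If pool.AppPoolIdentityType = LOCAL_SYSTEM Then
            localSystemCount = localSystemCount + 1
        End If
    End If
Next

WScript.Echo localSystemCount & " application pool(s) run as LocalSystem."
' Exit code 1 lets a calling batch file detect that such pools exist.
If localSystemCount > 0 Then WScript.Quit 1

' Translate the numeric identity type into a readable name.
Function IdentityName(p)
    Select Case p.AppPoolIdentityType
        Case LOCAL_SYSTEM:    IdentityName = "LocalSystem"
        Case LOCAL_SERVICE:   IdentityName = "LocalService"
        Case NETWORK_SERVICE: IdentityName = "NetworkService"
        Case SPECIFIC_USER:   IdentityName = "Specific user: " & p.WamUserName
        Case Else:            IdentityName = "Unknown (" & p.AppPoolIdentityType & ")"
    End Select
End Function
```

Run it from the administrator command window described above with cscript.exe and the script's full path.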