Microsoft KB Archive/190005

= A site that is set up for anonymous access prompts users for password =

Article ID: 190005

Article Last Modified on 2/28/2007

-

APPLIES TO


 * Microsoft Internet Information Server 4.0

-



This article was previously published under Q190005



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
Users are prompted for a user name and password when logging on to a Web site that has been set up for anonymous access.



CAUSE
You may have to resynchronize the anonymous user account. By default, this is the IUSR_ account. In other words, the password that is listed for the anonymous account under User Manager for Domains differs from the password that is listed for the anonymous account in the Internet Service Manager (ISM).



WORKAROUND
To work around this problem, use one of the following methods:
 * If you are running Microsoft Internet Information Server (IIS) 4.0 and using anonymous user accounts defined on the local computer, consider enabling Automatic Password Synchronization.
 * Manually set the password for the anonymous user account in both the Internet Service Manager (ISM) and the User Manager for Domains to the same value.

Turn on automatic password synchronization in IIS 4.0
Synchronization may not work on a backup domain controller (BDC), or when the original anonymous account has been deleted and re-created. Furthermore, it should not be used with remote computers. The following information is taken from the Online Help in IIS 4.0 is about automatic password synchronization, and it further explains when it should be used.   Enable Automatic Password Synchronization:

When you create a new anonymous account, you must make sure that your Web site and Windows NT password settings are identical. Select this option to automatically synchronize your anonymous password settings with those set in Windows NT.

Important:

Password synchronization should only be used with anonymous user accounts defined on the local computer, not with anonymous accounts remote computers. To turn on automatic password synchronization, follow these steps:
 * 1) In the ISM, open the Web Properties for the Web site.
 * 2) On the Directory Security tab, under Anonymous Access and Authentication Control, click Edit.
 * 3) Under Allow Anonymous Access, click Edit.
 * 4) Verify that the correct user name is listed, and then click to select the Enable Automatic Password Synchronization check box.

IIS 4.0 instructions to manually synchronize passwords
If you choose not to enable automatic password synchronization in IIS 4.0, follow these steps to manually synchronize the user name and password used by both User Manager for Domains and the ISM:
 * 1) In User Manager for Domains, set the password for the anonymous account.
 * 2) In the ISM, open the Web Properties for the Web site.
 * 3) On the Directory Security tab, under Anonymous Access and Authentication Control, click Edit.
 * 4) Under Allow Anonymous Access, click Edit.
 * 5) Set the user name and password to the same settings you specified in User Manager for Domains.

Note The Enable Automatic Password Synchronization check box must be cleared to manually set the password.

(c) Microsoft Corporation 2000, All Rights Reserved. Contributions by Kevin Zollman, Microsoft Corporation.

Additional query words: login logon sign id pass word machine_name MMC machinename username anonomous akz

Keywords: kbpending kbprb KB190005

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.