Microsoft KB Archive/168908

= How to authenticate a user against all trusted domains =

Article ID: 168908

Article Last Modified on 6/5/2006

-

APPLIES TO


 * Microsoft Internet Information Server 2.0
 * Microsoft Internet Information Server 3.0
 * Microsoft Internet Information Server 4.0
 * Microsoft Internet Information Services 5.0

-



This article was previously published under Q168908



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SUMMARY
By default, Internet Information Server (IIS) validates an unqualified user logon ID against either the local computer's user database or the domain which the server is a member of. This article describes how to configure IIS to validate the unqualified user logon against all trusted domains and the user accounts database.



MORE INFORMATION
To configure IIS to validate the unqualified user logon against all trusted domains and the user accounts database, use the appropriate method:

IIS 4.0 and IIS 5.0
Method 1
 * 1) Start the IIS Microsoft Management Console (MMC).
 * 2) Right-click the desired Web site, and then click Properties.
 * 3) On the Directory Security tab, in the Anonymous Access and Authentication Control section, click Edit.
 * 4) Click Edit for Default domain for basic authentication.
 * 5) In the Domain Name text box, type a single backslash \.
 * 6) Click OK three times to return to the Internet Service Manager MMC.

Method 2
You can also set the DefaultLogonDomain parameter for IIS 4.0. This parameter has been moved to the metabase for IIS version 4.0. To do this, run Adsutil.vbs from a command prompt, using the appropriate syntax below (depending on whether you want to set DefaultLogonDomain for all FTP sites, only the default FTP site, or other sites):  To set DefaultLogonDomain for all FTP sites, run the following command:

adsutil set msftpsvc/DefaultLogonDomain "DomainName

 To set DefaultLogonDomain for only the default FTP site, run the following command:

adsutil set msftpsvc/1/DefaultLogonDomain "DomainName

 To set DefaultLogonDomain for any other site, use the same syntax as the default FTP site above, but change the "1" parameter to the appropriate service number.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

184319 FTP service's DefaultLogonDomain not available in MMC

IIS 2.0 and 3.0
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.  Start Regedt32.exe.  Locate the following key in the registry: <pre class="fixed_text">HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<ServiceName>\Parameters where <ServiceName> is: <pre class="fixed_text">     MSFTPSVCFTP Service GOPHERSVCgopher Service W3SVC       WWW Service

</li>  On the Edit menu, click Add Value, and then use the following entry: <pre class="fixed_text">     Value Name: DefaultLogonDomain Data Type: REG_SZ Value:     Domain Name

</li> Quit Registry Editor, and then restart the computer for the change to take effect.</li></ol>

Keywords: kbhowto kbqfe kbhotfixserver KB168908

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.