Microsoft KB Archive/188903

= Event Viewer Does Not Show IUSR_machinename Account Logon =

Article ID: 188903

Article Last Modified on 6/23/2005

-

APPLIES TO


 * Microsoft Internet Information Server 4.0

-



This article was previously published under Q188903



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
When troubleshooting Internet Information Server (IIS) permission problems, it is often useful to turn on Windows NT auditing for successful and failed logon/logoff events, as suggested by the following article in the Microsoft Knowledge Base:

185874 : How to Troubleshoot Permissions in IIS 4.0

However, sometimes you may not see the IUSR_machinename account being logged on to the system when using anonymous access.



CAUSE
This is a result of the account used for anonymous access being cached by IIS for a short period. If the account is re-used before this period has elapsed, the account is not logged on again, but instead the cached token is used and no event is shown in the event viewer.



WORKAROUND
To record each time the IUSR_machinename account is logged on and off, you can disable the IIS caching of the anonymous user account by setting the PasswordCacheTTL ASO property to zero.

The following sample code can be called from Visual Basic, ASP, and Windows Script Host with minimal changes in each environment and will affect all Web server instances:

Dim oServer Set oServer = GetObject("IIS://LocalHost/W3SVC") oServer.PasswordCacheTTL = 0 oServer.SetInfo Set oServer = Nothing

Please note: There is a performance tradeoff while doing this. The procedure should be restricted to development and debugging only.

Keywords: kbprb KB188903

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.