anonymous authentication and iis 6

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: ben h (hairyguard-newsgroups_at_yahoo.co.uk)
Date: 12/23/04 

Date: Thu, 23 Dec 2004 12:55:39 +1100

Hi, having stupid problems with a newly created web on windows server
2003 / IIS6.0.

Essential question for this post: How can I allow anon access to VPN
client browsers? Read on...

The web is currently the only web site on the server. I have enabled
anon access, and used the default IUSR_... account for this. As it
happens I have also left checked the 'Integrated Windows Authentication'
access box.

I have ensured that the IUSR_... account on the local machine also has
the correct NTFS file system permissions on the directory and
sub-folders/files for the web resource files (i.e. the ASP and HTML
pages). The NTFS permissions are 'Read & Execute', 'List Folder
Contents' and 'Read'. I have checked that there are no other special
Deny permissions set as well.

I connect to the box via a Nortel VPN client, other users will do the
same I believe. They may also be part of a sub-domain, but I haven't
really been told.

Once VPN'd in I browse to the root of the web from my PC, but a login
dialog appears. Why does the dialog appear when I have anon acess
enabled? Obviously when I browse to the web locally from the server it
comes up no problems.
Anyway, two variations here:
1. I log in using a local domain account for the server,
2. I don't log in (Cancel the dialog).

When I do #1 I get through. But why do I need to authenticate when anon
access is allowed?

When I do #2 I get 403-3 - Unauthorised due to ACL on Resource. Why? The
NTFS permissions are set for the anon user (IUSR_...) to allow read etc.

If I go back to inetmgr and UN-check the 'Integrated Windows
Authentication' access box, then browse the web I immediately get a
403-1 http Error. Why? I have anon access enabled!

I really don't understand what I'm doing, but I guess you realise that
by now :)

I hope I've given all the info required. Any more just ask.

Ben

Relevant Pages

  • Re: FTP, Cable internet, win2k server, router, help...
    ... >i'm new to setting up FTP and i can't get this to work. ... >the request it forwards the request to my server, ... i don't want anon access, only accounts that i setup to ... errors do you get when it's not using anonymous access? ...
    (microsoft.public.inetserver.iis.ftp)
  • RE: Exchange ActiveSync - Trace and IIS Settings
    ... - Device appears to connect - prompts that server supports sync on arrival ... - server sync on device fails during 'looking for changes' ... xyz.local] - No Anon Access ... MS-ASProtocolVersion: 2.0 ...
    (microsoft.public.windows.server.sbs)
  • ActiveSync - OMA Problem
    ... - Device appears to connect - prompts that server supports sync on arrival ... - server sync on device fails during 'looking for changes' ... xyz.local] - No Anon Access ... MS-ASProtocolVersion: 2.0 ...
    (microsoft.public.exchange.connectivity)
  • Re: Task Scheduler: Properties of Task inactive
    ... user account from a Windows 2003 server to the "sheduled task" share on a ... Windows 2000 server, it's possible to view and edit the job properties. ... > Could be an issue with the NTFS permissions for the job file. ...
    (microsoft.public.win2000.general)
  • NTFS permissions
    ... I cannot delete a certain folder in my new Windows 2000 Server! ... original NTFS permissions from the volume of the RAID1 mirror. ...
    (microsoft.public.win2000.security)