Re: Bug IIS 6 Anonymous Access

From: Roland Hall (nobody_at_nowhere)
Date: 01/15/05

• Next message: BJ Freeman: "Re: Hiding server name in HTTP HEAD"
• Previous message: HTW: "Hiding server name in HTTP HEAD"
• In reply to: Jeff Cochran: "Re: Bug IIS 6 Anonymous Access"
• Next in thread: David Wang [Msft]: "Re: Bug IIS 6 Anonymous Access"
• Reply: David Wang [Msft]: "Re: Bug IIS 6 Anonymous Access"
• Messages sorted by: [ date ] [ thread ]

Date: Sat, 15 Jan 2005 03:27:43 -0600

"Jeff Cochran" wrote in message
news:41ecd511.602641412@msnews.microsoft.com...
: On Thu, 13 Jan 2005 21:53:00 -0600, "Roland Hall" <nobody@nowhere>
: wrote:
:
: >"David Wang [Msft]" wrote in message
: >news:uDoNqMd%23EHA.2984@TK2MSFTNGP09.phx.gbl...
: >: Thanks for the bug report.
: >:
: >: I talked with the developer and he indicated that your observation is
: >: correct. However, without a PSS support call and accepted bug, it
simply
: >: will not change.
: >:
: >: FYI:
: >: In general, accepted bugs are fixed (how quickly depends on the bug's
: >: priority). However, the decision to accept a bug is not as easy as "it
is
: >: unexpected behavior, so fix it". Product impact, Customer impact,
product
: >: schedule, etc all have to be assessed and triaged/traded off.
: >:
: >: Think about it this way -- in the perfect world, bugs would be fixed
: >without
: >: regressions -- but reality (and much industry research) has shown that
: >: fixing bugs introduce regressions. The question becomes comparing "the
: >cost
: >: of the bug fix/regression" vs "the cost of not fixing the bug". If
there
: >is
: >: a best practice or work-around for the bug, it is often a better
approach
: >: than fixing the bug, and this is what I suggest for your situation.
: >:
: >:
: >: Now, all this discussion/triage does not apply (yet) to future code
work,
: >so
: >: I've filed a bug to have this behavior changed in future IIS releases.
: >:
: >: --
: >: //David
: >: IIS
: >: http://blogs.msdn.com/David.Wang
: >: This posting is provided "AS IS" with no warranties, and confers no
: >rights.
: >: //
: >: "Bryon Sutherland" <bryons@gmail.com> wrote in message
: >: news:1105657421.749478.192700@c13g2000cwb.googlegroups.com...
: >: At some point, before deploying this server to production, I had turned
: >: on Anonymous Access in IIS 6 using my Active Directory account.
: >: Anonymous Access was then turned off, and Basic Auth was turned on (we
: >: use Basic Auth with SSL, not Integrated).
: >:
: >: Everything was fine until I changed the password for my Active
: >: Directory account. I was continuously getting locked out. I finally
: >: traced it back to IIS using my credentials as the "anonymous user".
: >: That feature was TURNED OFF, however it was still trying to
: >: authenticate. My guess is that the software actually tries to
: >: authenticate as the listed user *before* it checks if Anonymous Access
: >: is disabled.
: >:
: >: Putting the IUSR account back in that field has stopped the constant
: >: lockouts for my account.
: >
: >David...
: >
: >That's a really nasty response for something that is your [MSFT's] fault.
:
: If you genuinely feel that this is a major issue for you, you always
: have the right to stop using the software. If enough people feel as
: you do, and choose to not purcahse the software because of this issue,
: then the cost of not fixing the bug rises to the point where it more
: expensive to leave it unfixed. Then it will get fixed. So stop
: buying Microsoft products until this bug is fixed.

Perhaps you're confused. While the error is a ridiculous oversight, it's
the response I took issue with. However, in response to your solution to
walk away, it's hard to walk away from a company with a CEO like this:
http://kiddanger.com/mb/monkeydance.mpeg

-- 
Roland Hall
/* This information is distributed in the hope that it will be useful, but 
without any warranty; without even the implied warranty of merchantability 
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp

• Next message: BJ Freeman: "Re: Hiding server name in HTTP HEAD"
• Previous message: HTW: "Hiding server name in HTTP HEAD"
• In reply to: Jeff Cochran: "Re: Bug IIS 6 Anonymous Access"
• Next in thread: David Wang [Msft]: "Re: Bug IIS 6 Anonymous Access"
• Reply: David Wang [Msft]: "Re: Bug IIS 6 Anonymous Access"
• Messages sorted by: [ date ] [ thread ]

Relevant Pages Re: Please Report SP6 bugs! (was Re: Visual Studio SP6) ... the event log: ... 'General access denied error ... I restored the system disk to it's pre-sp6 state and IIS works properly. ... the simplest project code to display the bug. ... (microsoft.public.vb.general.discussion) Re: Please Report SP6 bugs! (was Re: Visual Studio SP6) ... the event log: ... 'General access denied error ... I restored the system disk to it's pre-sp6 state and IIS works properly. ... the simplest project code to display the bug. ... (microsoft.public.vb.controls) Re: Please Report SP6 bugs! (was Re: Visual Studio SP6) ... the event log: ... 'General access denied error ... I restored the system disk to it's pre-sp6 state and IIS works properly. ... the simplest project code to display the bug. ... (microsoft.public.vb.winapi) Re: Please Report SP6 bugs! (was Re: Visual Studio SP6) ... the event log: ... 'General access denied error ... I restored the system disk to it's pre-sp6 state and IIS works properly. ... the simplest project code to display the bug. ... (microsoft.public.vb.syntax) Re: Bug IIS 6 Anonymous Access ... :>: Thanks for the bug report. ... :>: I've filed a bug to have this behavior changed in future IIS releases. ... :>: on Anonymous Access in IIS 6 using my Active Directory account. ... (microsoft.public.inetserver.iis)

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint