Groups | Blog | Home
all groups > iis security > october 2005 >

iis security : need default iuser password for iis 6.0


radial NO[at]SPAM gmail.com
10/20/2005 6:36:01 AM
I had to change the anon account a web site used, now i want to change
it back to iuser_machinename but i dont know the password.

The searches i've done showed i can tell the password using the
metabase, and i got the metabase explorer but cant find users in there.

i have found wehre you can use adsutil to get the password, but cant
find the exact syntax of the command to perform that task.

dont want to change the iuser password, i would have to change all my
other websites to use that password as well for the iuser

dont want to delete the site and recreate it, i had trouble with the
front page extensions installing the first time

i just need to know the default iuser password please. thanks

thanks
Miha Pihler [MVP]
10/20/2005 9:31:11 PM
Hi,

There is no "default" password for IUSR account. When you install IIS on the
computer the installation process will create IUSR account and assign it
randomly generated password.

--
Mike
Microsoft MVP - Windows Security

[quoted text, click to view]

Phil Hart
10/21/2005 6:13:50 AM
ok, that answer was simple enough

all i needed to know and i couldnt find that anywhere

thanks!
Chris Cichocki
10/24/2005 6:33:03 AM
If you have at least one other place where it is configured, you should be
able to use WMI to retrieve it. Try downloading the "Scriptomatic 2.0" from
Microsoft and playing with all of the sample IIS scripts that it creates.
Look for the IUSR or IWAM anonymous user in the output from the scripts and
you'll see what I mean. Unfortunately, I'm at work and we our script blocker
is keeping me from running the tool (it's an HTA application and we consider
them "unsafe"), but it should only take you a few minutes to figure it out.

You can find the tool here:
go.microsoft.com/?linkid=2535763

Chris

[quoted text, click to view]
Chris Cichocki
10/24/2005 6:59:03 AM
Where there's a will, there's a way... I got the Scriptomatic tool working
now.

What you need to do is select "root\MicrosoftIISv2" from the WMI Namespace
drop down, then pick one of the "WMI Class"es from the other drop down. As
an example, pick the "IISWebServerSetting" WMI Class and then look for the
"AnonymousUserName" and "AnonymousUserPassword" settings in the output.

Chris

[quoted text, click to view]
Phil Hart
10/26/2005 6:22:57 AM
thank you so much for your help Chris!
Chris Cichocki
10/26/2005 7:27:01 AM
You're welcome.

[quoted text, click to view]
Chris Cichocki
10/28/2005 7:06:04 AM
Phil-

I know that you probably already have your problem solved, but I think there
may be a be better solution - and a way for you to learn more about how IIS
configurations work...

I found an article in the latest TechNet Magazine called "Discover the
MetaBase" and it talks about using the Metabase Explorer tool available from
the IIS Resource kit. (links included below) That's a really helpful tool
in learning how things are ACTUALLY configured behind the scenes.

One thing that is not immediately obviuos is the fact that MOST of the
settings for a virtual directory are actually inherited from a base
configuration for IIS. If you open the metabase explorer and leave the
inherited attributes visibility turned off, you'd see that a typical
configuration for an virtual directory has only about 7 settings - the rest
of the settings are inherited. So, when you change the user name and
password for virtual directory anonymous user, you're actually overriding the
default settings of the base IIS configuration (you can see them when you
click on W3SVC in the Metabase Explorer). If you simply delete your
overrides, it will default back to the original settings for the IIS
configuration.

The first time I ever exported a virtual directory configuration and then
imported it to another server, I wondered how on earth the anonymous user
name and password "magically" was modified to fit the target server. The
fact is, since I didn't override the default anonymous user or password on
the source virtual directory, when I imported it into the target server the
anonymous user name and password from the source were not applied to the
target configuration - meaning the target virtual directory anonymous user
settings would be left as the default for the target server.

I highly recommend looking at the Metabase Explorer.
Chris

Discover the Metabase: This article is not available on-line yet. But the
link to the issue that contains the article is here:
http://www.microsoft.com/technet/technetmag/issues/2005/11/default.aspx

IIS 6.0 Resource Ki
http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en

[quoted text, click to view]
Got something to say? Click here to post a reply to this thread.
Don't see what you're looking for? Try a search.
View other messages about iis security
AddThis Social Bookmark Button
View Other Months
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
home · blog · groups Questions? Comments? Contact the dn