|
|
You're in the
iis security
group:anonymous password
iis security:
for developing a web service which i thought was having security issues... so i was trying changing that site's security settings. i changed the authorization method a couple times, including changing the anonymous account to administrator to see if it would run that way (it didn't, but thats another problem)... when i put it back to anonymous with iusr_machinename account it still asks for password when accessed from other machines. the other 2 sites are ok still. i tried a few combinations like going to the next higher level and turning off anonymous access for all 3 and applying that then turning it back on, which didn't help... i have started and stopped and rebooted. it seems like that one site is out of synch on the anonymous password. how do i get it back??
Delete the AnonymousUserName and AnonymousUserPass property overrides on
that one website so that it re-inherits from the global setting, which should still be in sync since the other 2 sites are ok and also inheriting those properties. This blog entry shows how to synchronize username/password between real NT user and IIS configuration -- which assumes that you control the username/password (which is NOT your current case here -- so in the blog entry where I talk about synchronizing, you are actually interested in deleting the values so that you re-inherit from the parent). But, it contains a bunch of other related info that should be useful. http://blogs.msdn.com/david.wang/archive/2005/12/07/HOWTO_Synchronize_User_Credentials_in_IIS.aspx -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // [quoted text, click to view] "Dave" <noone@nowhere.com> wrote in message news:OOj0gYBCGHA.4040@TK2MSFTNGP12.phx.gbl... > server 2003 running iis, got 3 web sites running. one of them i am using > for developing a web service which i thought was having security issues... > so i was trying changing that site's security settings. i changed the > authorization method a couple times, including changing the anonymous > account to administrator to see if it would run that way (it didn't, but > thats another problem)... when i put it back to anonymous with > iusr_machinename account it still asks for password when accessed from > other machines. the other 2 sites are ok still. i tried a few > combinations like going to the next higher level and turning off anonymous > access for all 3 and applying that then turning it back on, which didn't > help... i have started and stopped and rebooted. it seems like that one > site is out of synch on the anonymous password. how do i get it back?? >
Nothing was confused.
The UI does *not* delete the anonymous username/password. When you set the username and leave the psasword blank, all you did was set the password to "blank", not delete it to inherit from the parent. This is just how the UI works; as soon as you modify a property, it stops inheriting from the parent no matter what you do, and you can never get it to inherit again unless you delete the website and start over (or reset the value at a parent node at which point you have a one-time opportunity to delete child values to have them re-inherit). I was suggesting that you use adsutil.vbs to directly delete the property that you unknowningly set, but as long as you are satisfied, your alternative to just delete the website works as well. I also suggest you read some of my blog entries to understand what user identity IIS uses to run code and how it associates with the authentication protocol. You don't need to guess http://blogs.msdn.com/david.wang/archive/2005/05/26/IIS_User_Identity_to_Run_Code.aspx http://blogs.msdn.com/david.wang/archive/2005/06/29/IIS_User_Identity_to_Run_Code_Part_2.aspx -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // [quoted text, click to view] "Dave" <noone@nowhere.com> wrote in message news:zrGdnR1oIcVmxTDenZ2dnUVZ_tqdnZ2d@crocker.com... > ah well, wanted to get on with development so deleted the old site and > recreated it fresh, now it works with anonymous access. something was > sure confused. > > "Dave" <noone@nowhere.com> wrote in message > news:E8adnUfFHr3qpjDenZ2dnUVZ_s2dnZ2d@crocker.com... >> been there, done that... just did it again. i go into the iis snapin, >> right click on the troublesome site and pick properties, go to the >> directory security tab, under authentication and access control i press >> edit, if i retype the iusr_machinename in the account and leave the >> password blank it asks me to confirm the password, which i also leave >> blank... that doesn't fix it. if i browse to find the account it doesn't >> fix it either. browsing for it puts in machinename\iusr_machinename and >> leaves the password field blank. if i then edit off the machinename\ >> part it still seems to leave the password blank. i have tried stopping >> and starting the site in between each of these combinations... there must >> be something else i am missing or have messed up. >> >> "David Wang [Msft]" <someone@online.microsoft.com> wrote in message >> news:%23z1tqLHCGHA.3572@TK2MSFTNGP14.phx.gbl... >>> Delete the AnonymousUserName and AnonymousUserPass property overrides on >>> that one website so that it re-inherits from the global setting, which >>> should still be in sync since the other 2 sites are ok and also >>> inheriting those properties. >>> >>> This blog entry shows how to synchronize username/password between real >>> NT user and IIS configuration -- which assumes that you control the >>> username/password (which is NOT your current case here -- so in the blog >>> entry where I talk about synchronizing, you are actually interested in >>> deleting the values so that you re-inherit from the parent). But, it >>> contains a bunch of other related info that should be useful. >>> http://blogs.msdn.com/david.wang/archive/2005/12/07/HOWTO_Synchronize_User_Credentials_in_IIS.aspx >>> >>> -- >>> //David >>> IIS >>> http://blogs.msdn.com/David.Wang >>> This posting is provided "AS IS" with no warranties, and confers no >>> rights. >>> // >>> >>> "Dave" <noone@nowhere.com> wrote in message >>> news:OOj0gYBCGHA.4040@TK2MSFTNGP12.phx.gbl... >>>> server 2003 running iis, got 3 web sites running. one of them i am >>>> using for developing a web service which i thought was having security >>>> issues... so i was trying changing that site's security settings. i >>>> changed the authorization method a couple times, including changing the >>>> anonymous account to administrator to see if it would run that way (it >>>> didn't, but thats another problem)... when i put it back to anonymous >>>> with iusr_machinename account it still asks for password when accessed >>>> from other machines. the other 2 sites are ok still. i tried a few >>>> combinations like going to the next higher level and turning off >>>> anonymous access for all 3 and applying that then turning it back on, >>>> which didn't help... i have started and stopped and rebooted. it >>>> seems like that one site is out of synch on the anonymous password. >>>> how do i get it back?? >>>> >>> >>> >> >> > >
been there, done that... just did it again. i go into the iis snapin, right
click on the troublesome site and pick properties, go to the directory security tab, under authentication and access control i press edit, if i retype the iusr_machinename in the account and leave the password blank it asks me to confirm the password, which i also leave blank... that doesn't fix it. if i browse to find the account it doesn't fix it either. browsing for it puts in machinename\iusr_machinename and leaves the password field blank. if i then edit off the machinename\ part it still seems to leave the password blank. i have tried stopping and starting the site in between each of these combinations... there must be something else i am missing or have messed up. [quoted text, click to view] "David Wang [Msft]" <someone@online.microsoft.com> wrote in message news:%23z1tqLHCGHA.3572@TK2MSFTNGP14.phx.gbl... > Delete the AnonymousUserName and AnonymousUserPass property overrides on > that one website so that it re-inherits from the global setting, which > should still be in sync since the other 2 sites are ok and also inheriting > those properties. > > This blog entry shows how to synchronize username/password between real NT > user and IIS configuration -- which assumes that you control the > username/password (which is NOT your current case here -- so in the blog > entry where I talk about synchronizing, you are actually interested in > deleting the values so that you re-inherit from the parent). But, it > contains a bunch of other related info that should be useful. > http://blogs.msdn.com/david.wang/archive/2005/12/07/HOWTO_Synchronize_User_Credentials_in_IIS.aspx > > -- > //David > IIS > http://blogs.msdn.com/David.Wang > This posting is provided "AS IS" with no warranties, and confers no > rights. > // > > "Dave" <noone@nowhere.com> wrote in message > news:OOj0gYBCGHA.4040@TK2MSFTNGP12.phx.gbl... >> server 2003 running iis, got 3 web sites running. one of them i am using >> for developing a web service which i thought was having security >> issues... so i was trying changing that site's security settings. i >> changed the authorization method a couple times, including changing the >> anonymous account to administrator to see if it would run that way (it >> didn't, but thats another problem)... when i put it back to anonymous >> with iusr_machinename account it still asks for password when accessed >> from other machines. the other 2 sites are ok still. i tried a few >> combinations like going to the next higher level and turning off >> anonymous access for all 3 and applying that then turning it back on, >> which didn't help... i have started and stopped and rebooted. it seems >> like that one site is out of synch on the anonymous password. how do i >> get it back?? >> > >
ah well, wanted to get on with development so deleted the old site and
recreated it fresh, now it works with anonymous access. something was sure confused. [quoted text, click to view] "Dave" <noone@nowhere.com> wrote in message news:E8adnUfFHr3qpjDenZ2dnUVZ_s2dnZ2d@crocker.com... > been there, done that... just did it again. i go into the iis snapin, > right click on the troublesome site and pick properties, go to the > directory security tab, under authentication and access control i press > edit, if i retype the iusr_machinename in the account and leave the > password blank it asks me to confirm the password, which i also leave > blank... that doesn't fix it. if i browse to find the account it doesn't > fix it either. browsing for it puts in machinename\iusr_machinename and > leaves the password field blank. if i then edit off the machinename\ part > it still seems to leave the password blank. i have tried stopping and > starting the site in between each of these combinations... there must be > something else i am missing or have messed up. > > "David Wang [Msft]" <someone@online.microsoft.com> wrote in message > news:%23z1tqLHCGHA.3572@TK2MSFTNGP14.phx.gbl... >> Delete the AnonymousUserName and AnonymousUserPass property overrides on >> that one website so that it re-inherits from the global setting, which >> should still be in sync since the other 2 sites are ok and also >> inheriting those properties. >> >> This blog entry shows how to synchronize username/password between real >> NT user and IIS configuration -- which assumes that you control the >> username/password (which is NOT your current case here -- so in the blog >> entry where I talk about synchronizing, you are actually interested in >> deleting the values so that you re-inherit from the parent). But, it >> contains a bunch of other related info that should be useful. >> http://blogs.msdn.com/david.wang/archive/2005/12/07/HOWTO_Synchronize_User_Credentials_in_IIS.aspx >> >> -- >> //David >> IIS >> http://blogs.msdn.com/David.Wang >> This posting is provided "AS IS" with no warranties, and confers no >> rights. >> // >> >> "Dave" <noone@nowhere.com> wrote in message >> news:OOj0gYBCGHA.4040@TK2MSFTNGP12.phx.gbl... >>> server 2003 running iis, got 3 web sites running. one of them i am >>> using for developing a web service which i thought was having security >>> issues... so i was trying changing that site's security settings. i >>> changed the authorization method a couple times, including changing the >>> anonymous account to administrator to see if it would run that way (it >>> didn't, but thats another problem)... when i put it back to anonymous >>> with iusr_machinename account it still asks for password when accessed >>> from other machines. the other 2 sites are ok still. i tried a few >>> combinations like going to the next higher level and turning off >>> anonymous access for all 3 and applying that then turning it back on, >>> which didn't help... i have started and stopped and rebooted. it seems >>> like that one site is out of synch on the anonymous password. how do i >>> get it back?? >>> >> >> > >
Yes you had the right idea but no, it is not possible to use those dialogs
to reset the anonymous user password to re-inherit. It will not reset AnonymousUserPass (which is what you want to re-inherit) unless you changed it's value at the global level... but you can do that only if you knew the original password (which you don't - you only toggled the anonymous setting, which doesn't do enough)... which means it is not possible to use the UI to reset the anonymous user password to re-inherit. In general, the IIS Manager UI is not good at allowing you to fix your configuration through re-inheritance. Without knowing the anonymous password, you can only fix your situation by: 1. using ADSUTIL.VBS FIND AnonymousPassword and then ADSUTIL.VBS DELETE <The-Bad-Anonymouspassword> so that it would re-inherit from global again (this is what the blog entry shows) 2. delete the website or vdir which contains the bad AnonymousPassword property and start over -- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // [quoted text, click to view] "Dave" <noone@nowhere.com> wrote in message news:VJKdnaHXU6ioXTDenZ2dnUVZ_tCdnZ2d@crocker.com... >i thought what i was doing with the parent would have reset the anon >account. one of the things i did was to go to the parent and remove the >anon authentication, then reapply it... when i did that, at least in one >iteration, it asked if i wanted to apply it to the sites that had different >settings... and it listed the problem site, so i selected that and thought >it would override the bad setting i had made, but it didn't. deleting the >site was not really any problem since it didn't have much anyway since i >was just playing with a web service. > > now if i could just figure out how to get rid of some orphaned entries in > the app pool i made.... > > "David Wang [Msft]" <someone@online.microsoft.com> wrote in message > news:un0C5XLCGHA.1028@TK2MSFTNGP11.phx.gbl... >> Nothing was confused. >> >> The UI does *not* delete the anonymous username/password. When you set >> the username and leave the psasword blank, all you did was set the >> password to "blank", not delete it to inherit from the parent. This is >> just how the UI works; as soon as you modify a property, it stops >> inheriting from the parent no matter what you do, and you can never get >> it to inherit again unless you delete the website and start over (or >> reset the value at a parent node at which point you have a one-time >> opportunity to delete child values to have them re-inherit). >> >> I was suggesting that you use adsutil.vbs to directly delete the property >> that you unknowningly set, but as long as you are satisfied, your >> alternative to just delete the website works as well. >> >> I also suggest you read some of my blog entries to understand what user >> identity IIS uses to run code and how it associates with the >> authentication protocol. You don't need to guess >> http://blogs.msdn.com/david.wang/archive/2005/05/26/IIS_User_Identity_to_Run_Code.aspx >> http://blogs.msdn.com/david.wang/archive/2005/06/29/IIS_User_Identity_to_Run_Code_Part_2.aspx >> >> -- >> //David >> IIS >> http://blogs.msdn.com/David.Wang >> This posting is provided "AS IS" with no warranties, and confers no >> rights. >> // >> >> "Dave" <noone@nowhere.com> wrote in message >> news:zrGdnR1oIcVmxTDenZ2dnUVZ_tqdnZ2d@crocker.com... >>> ah well, wanted to get on with development so deleted the old site and >>> recreated it fresh, now it works with anonymous access. something was >>> sure confused. >>> >>> "Dave" <noone@nowhere.com> wrote in message >>> news:E8adnUfFHr3qpjDenZ2dnUVZ_s2dnZ2d@crocker.com... >>>> been there, done that... just did it again. i go into the iis snapin, >>>> right click on the troublesome site and pick properties, go to the >>>> directory security tab, under authentication and access control i >>>> press edit, if i retype the iusr_machinename in the account and leave >>>> the password blank it asks me to confirm the password, which i also >>>> leave blank... that doesn't fix it. if i browse to find the account it >>>> doesn't fix it either. browsing for it puts in >>>> machinename\iusr_machinename and leaves the password field blank. if i >>>> then edit off the machinename\ part it still seems to leave the >>>> password blank. i have tried stopping and starting the site in between >>>> each of these combinations... there must be something else i am missing >>>> or have messed up. >>>> >>>> "David Wang [Msft]" <someone@online.microsoft.com> wrote in message >>>> news:%23z1tqLHCGHA.3572@TK2MSFTNGP14.phx.gbl... >>>>> Delete the AnonymousUserName and AnonymousUserPass property overrides >>>>> on that one website so that it re-inherits from the global setting, >>>>> which should still be in sync since the other 2 sites are ok and also >>>>> inheriting those properties. >>>>> >>>>> This blog entry shows how to synchronize username/password between >>>>> real NT user and IIS configuration -- which assumes that you control >>>>> the username/password (which is NOT your current case here -- so in >>>>> the blog entry where I talk about synchronizing, you are actually >>>>> interested in deleting the values so that you re-inherit from the >>>>> parent). But, it contains a bunch of other related info that should be >>>>> useful. >>>>> http://blogs.msdn.com/david.wang/archive/2005/12/07/HOWTO_Synchronize_User_Credentials_in_IIS.aspx >>>>> >>>>> -- >>>>> //David >>>>> IIS >>>>> http://blogs.msdn.com/David.Wang >>>>> This posting is provided "AS IS" with no warranties, and confers no >>>>> rights. >>>>> // >>>>> >>>>> "Dave" <noone@nowhere.com> wrote in message >>>>> news:OOj0gYBCGHA.4040@TK2MSFTNGP12.phx.gbl... >>>>>> server 2003 running iis, got 3 web sites running. one of them i am >>>>>> using for developing a web service which i thought was having >>>>>> security issues... so i was trying changing that site's security >>>>>> settings. i changed the authorization method a couple times, >>>>>> including changing the anonymous account to administrator to see if >>>>>> it would run that way (it didn't, but thats another problem)... when >>>>>> i put it back to anonymous with iusr_machinename account it still >>>>>> asks for password when accessed from other machines. the other 2 >>>>>> sites are ok still. i tried a few combinations like going to the >>>>>> next higher level and turning off anonymous access for all 3 and >>>>>> applying that then turning it back on, which didn't help... i have >>>>>> started and stopped and rebooted. it seems like that one site is out >>>>>> of synch on the anonymous password. how do i get it back?? >>>>>> >>>>> >>>>> >>>> >>>> >>> >>> >> >> > >
i thought what i was doing with the parent would have reset the anon
account. one of the things i did was to go to the parent and remove the anon authentication, then reapply it... when i did that, at least in one iteration, it asked if i wanted to apply it to the sites that had different settings... and it listed the problem site, so i selected that and thought it would override the bad setting i had made, but it didn't. deleting the site was not really any problem since it didn't have much anyway since i was just playing with a web service. now if i could just figure out how to get rid of some orphaned entries in the app pool i made.... [quoted text, click to view] "David Wang [Msft]" <someone@online.microsoft.com> wrote in message news:un0C5XLCGHA.1028@TK2MSFTNGP11.phx.gbl... > Nothing was confused. > > The UI does *not* delete the anonymous username/password. When you set the > username and leave the psasword blank, all you did was set the password to > "blank", not delete it to inherit from the parent. This is just how the UI > works; as soon as you modify a property, it stops inheriting from the > parent no matter what you do, and you can never get it to inherit again > unless you delete the website and start over (or reset the value at a > parent node at which point you have a one-time opportunity to delete child > values to have them re-inherit). > > I was suggesting that you use adsutil.vbs to directly delete the property > that you unknowningly set, but as long as you are satisfied, your > alternative to just delete the website works as well. > > I also suggest you read some of my blog entries to understand what user > identity IIS uses to run code and how it associates with the > authentication protocol. You don't need to guess > http://blogs.msdn.com/david.wang/archive/2005/05/26/IIS_User_Identity_to_Run_Code.aspx > http://blogs.msdn.com/david.wang/archive/2005/06/29/IIS_User_Identity_to_Run_Code_Part_2.aspx > > -- > //David > IIS > http://blogs.msdn.com/David.Wang > This posting is provided "AS IS" with no warranties, and confers no > rights. > // > > "Dave" <noone@nowhere.com> wrote in message > news:zrGdnR1oIcVmxTDenZ2dnUVZ_tqdnZ2d@crocker.com... >> ah well, wanted to get on with development so deleted the old site and >> recreated it fresh, now it works with anonymous access. something was >> sure confused. >> >> "Dave" <noone@nowhere.com> wrote in message >> news:E8adnUfFHr3qpjDenZ2dnUVZ_s2dnZ2d@crocker.com... >>> been there, done that... just did it again. i go into the iis snapin, >>> right click on the troublesome site and pick properties, go to the >>> directory security tab, under authentication and access control i press >>> edit, if i retype the iusr_machinename in the account and leave the >>> password blank it asks me to confirm the password, which i also leave >>> blank... that doesn't fix it. if i browse to find the account it >>> doesn't fix it either. browsing for it puts in >>> machinename\iusr_machinename and leaves the password field blank. if i >>> then edit off the machinename\ part it still seems to leave the password >>> blank. i have tried stopping and starting the site in between each of >>> these combinations... there must be something else i am missing or have >>> messed up. >>> >>> "David Wang [Msft]" <someone@online.microsoft.com> wrote in message >>> news:%23z1tqLHCGHA.3572@TK2MSFTNGP14.phx.gbl... >>>> Delete the AnonymousUserName and AnonymousUserPass property overrides >>>> on that one website so that it re-inherits from the global setting, >>>> which should still be in sync since the other 2 sites are ok and also >>>> inheriting those properties. >>>> >>>> This blog entry shows how to synchronize username/password between real >>>> NT user and IIS configuration -- which assumes that you control the >>>> username/password (which is NOT your current case here -- so in the >>>> blog entry where I talk about synchronizing, you are actually >>>> interested in deleting the values so that you re-inherit from the >>>> parent). But, it contains a bunch of other related info that should be >>>> useful. >>>> http://blogs.msdn.com/david.wang/archive/2005/12/07/HOWTO_Synchronize_User_Credentials_in_IIS.aspx >>>> >>>> -- >>>> //David >>>> IIS >>>> http://blogs.msdn.com/David.Wang >>>> This posting is provided "AS IS" with no warranties, and confers no >>>> rights. >>>> // >>>> >>>> "Dave" <noone@nowhere.com> wrote in message >>>> news:OOj0gYBCGHA.4040@TK2MSFTNGP12.phx.gbl... >>>>> server 2003 running iis, got 3 web sites running. one of them i am >>>>> using for developing a web service which i thought was having security >>>>> issues... so i was trying changing that site's security settings. i >>>>> changed the authorization method a couple times, including changing >>>>> the anonymous account to administrator to see if it would run that way >>>>> (it didn't, but thats another problem)... when i put it back to >>>>> anonymous with iusr_machinename account it still asks for password >>>>> when accessed from other machines. the other 2 sites are ok still. i >>>>> tried a few combinations like going to the next higher level and >>>>> turning off anonymous access for all 3 and applying that then turning >>>>> it back on, which didn't help... i have started and stopped and >>>>> rebooted. it seems like that one site is out of synch on the >>>>> anonymous password. how do i get it back?? >>>>> >>>> >>>> >>> >>> >> >> > >
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |