Hi. I'm running Win XP Pro Sp2.
After running the iis lockdown tool, my administrator account got changed so
that this account is a member of the Web Anonymous Users.
After rebooting, when I try logging in, I'm immediately logged out.
Removing the Web Anonymous Users fixes things. Can someone explain what
might
be happening? I'm also using pivx's qwik-fix security tool which does place
some internet
explorer restrictions.
I'd also be interested in info documenting what the various computer and
internet zones mean relative to internet explorer and relative to the
operating system itself exclusive of the internet.

I believe that is documented and by-design. You must have used your
administrator account as an anonymous user on IIS, which is a security
vulnerability.

So, I suggest that you stop using an administrator as anonymous user (you
basically allow anyone in the world to run as administrator on your
machine -- highly insecure) and revert the Web Anonymous Users group
settings.

[quoted text, click to view]

I would search for this info. I remember seeing URLs documenting what
happens in any IE Internet Zone and what each feature means -- but that is
an IE question, not IIS/Security.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
[quoted text, click to view]
Hi. I'm running Win XP Pro Sp2.
After running the iis lockdown tool, my administrator account got changed so
that this account is a member of the Web Anonymous Users.
After rebooting, when I try logging in, I'm immediately logged out.
Removing the Web Anonymous Users fixes things. Can someone explain what
might
be happening? I'm also using pivx's qwik-fix security tool which does place
some internet
explorer restrictions.
I'd also be interested in info documenting what the various computer and
internet zones mean relative to internet explorer and relative to the
operating system itself exclusive of the internet.