"David Wang" <w3.4you@gmail.com> wrote in message
news:1173942878.906225.315480@y80g2000hsf.googlegroups.com...
> Anonymous authentication works without sub-authentication.
>
> http://blogs.msdn.com/david.wang/archive/2006/07/01/IIS-Security-Templates-and-Anonymous-Authentication.aspx
>
> You just need to make sure that you set the correct password for the
> configured anonymous user account so that IIS can login with it using
> a normal, unprivileged account. If you do not set the correct password
> in IIS configuration, then you will need to run IIS as LocalSystem to
> use sub-authentication so that IIS can login the anonymous user
> account without knowing the password.
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
>
>
>
> On Mar 14, 3:22 pm, "WhoKnows" <parkhens...@yahoo.com> wrote:
>> I want to use Anonymous authentication to a website served by IIS 6.0 and
>> Windows 2003 that is the front end for a database on a separate computer
>> that requires user logon to access the data. I also want to use SSL to
>> encrypt the return of the data from the browser to the anonymous user. It
>> seems that I must turn on sub-authentication to authenticate the
>> anonymous
>> user on the website in order to continue beyond logging into the
>> database.
>> Is this true? The problem with sub-authentication seems to be that the
>> anonymous user has to run under the local system account which could be a
>> security hole. Is there a way around this?
>

"David Wang" <w3.4you@gmail.com> wrote in message
news:1173976195.300917.15840@n59g2000hsh.googlegroups.com...
> The anonymous user's password is randomly generated on every machine.
> You will need to manually first set it to a known value within Local
> Users and Groups (Right click on user name and select "Set
> Password..."), then use a script like the following to synchronize the
> value in IIS to match this known value.
>
> http://blogs.msdn.com/david.wang/archive/2005/12/07/HOWTO-Synchronize-User-Credentials-in-IIS.aspx
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //
>
>
>
> On Mar 15, 8:11 am, "WhoKnows" <parkhens...@yahoo.com> wrote:
>> Thanks,
>>
>> That's good because I did not want to have my users running under local
>> system. But I do not see how to make sure that the correct password is
>> used
>> in both Windows 2003 and IIS. In Local Users and Groups, I just see the
>> Internet Guest Account and no password box to change it and don't know
>> what
>> it is so that I can then enter that into IIS. I guess the question really
>> is
>> what is the Internet Guest Account password and can I change it and how?
>>
>> Thanks
>>
>> "David Wang" <w3.4...@gmail.com> wrote in message
>>
>> news:1173942878.906225.315480@y80g2000hsf.googlegroups.com...
>>
>>
>>
>> > Anonymous authentication works without sub-authentication.
>>
>> >http://blogs.msdn.com/david.wang/archive/2006/07/01/IIS-Security-Temp...
>>
>> > You just need to make sure that you set the correct password for the
>> > configured anonymous user account so that IIS can login with it using
>> > a normal, unprivileged account. If you do not set the correct password
>> > in IIS configuration, then you will need to run IIS as LocalSystem to
>> > use sub-authentication so that IIS can login the anonymous user
>> > account without knowing the password.
>>
>> > //David
>> >http://w3-4u.blogspot.com
>> >http://blogs.msdn.com/David.Wang
>> > //
>>
>> > On Mar 14, 3:22 pm, "WhoKnows" <parkhens...@yahoo.com> wrote:
>> >> I want to use Anonymous authentication to a website served by IIS 6.0
>> >> and
>> >> Windows 2003 that is the front end for a database on a separate
>> >> computer
>> >> that requires user logon to access the data. I also want to use SSL to
>> >> encrypt the return of the data from the browser to the anonymous user.
>> >> It
>> >> seems that I must turn on sub-authentication to authenticate the
>> >> anonymous
>> >> user on the website in order to continue beyond logging into the
>> >> database.
>> >> Is this true? The problem with sub-authentication seems to be that the
>> >> anonymous user has to run under the local system account which could
>> >> be a
>> >> security hole. Is there a way around this?- Hide quoted text -
>>
>> - Show quoted text -
>