
iis security : Permissions on website folders



Jeff
3/17/2008 6:46:01 AM
Hello, I have my webpages in a folder called "company.com" under
Inetpub/wwwroot. I'm having some trouble configuring the permissions on the
folder. Does everyone need at least read access to this folder in order to
access the website? I took the read permissions off for everyone and users
started getting prompts to log in to the website. I thought all you needed was
to enable Anonymous access through IIS 6. We prefer to not have to give read
access to everyone. There is sensitive information in this folder. Thanks in

Ken Schaefer
3/18/2008 10:38:57 AM
Hi,

If you have "sensitive information" in the folder, then why do you have
"anonymous access" enabled in IIS? If Anonymous Access is enabled, then
anyone can view the files in the folder.

In terms of your actual problem - Windows has a robust security
architecture. Every type of access to every type of resource (file, port,
reg key, whatever) must be in some user context. When you enable "anonymous
access" it's anonymous for the end user. It's not "anonymous" as far as
Windows goes. IIS will log on the configured "anonymous user" account. This
is, by default, IUSR_<machinename> for static content and ASP pages. And the
application pool identity (Network Service) for ASP.NET pages. These
accounts need Read permission to the content if you want to allow anonymous
access.

Cheers
Ken
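
The permission layout Ken describes, as an added example that is not part of the original thread: remove the broad Everyone and Users entries from the content folder and grant Read only to the accounts IIS uses for anonymous requests. The drive letter, the unchanged default `IUSR_<machinename>` account name and the Network Service pool identity are assumptions; check them against your server before running.

```powershell
# Added example, not from the thread. Path and account names are assumptions.
$path     = 'C:\Inetpub\wwwroot\company.com'               # drive letter assumed
$anonUser = "$env:COMPUTERNAME\IUSR_$env:COMPUTERNAME"     # default anonymous account
$poolId   = 'NT AUTHORITY\NETWORK SERVICE'                 # default app pool identity

# 1. Record the current ACL so the change can be reviewed or reverted.
Get-Acl -Path $path |
    Select-Object -ExpandProperty Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize

# 2. Stop inheriting from wwwroot but keep copies of the current entries
#    (Administrators and SYSTEM stay in place), then re-read the ACL so the
#    copied entries are explicit and can be removed.
$acl = Get-Acl -Path $path
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $path -AclObject $acl
$acl = Get-Acl -Path $path

# 3. Remove the broad groups: S-1-1-0 = Everyone, S-1-5-32-545 = BUILTIN\Users.
foreach ($sid in 'S-1-1-0', 'S-1-5-32-545') {
    $identity = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $sid
    $acl.PurgeAccessRules($identity)
}

# 4. Grant Read, inherited by subfolders and files, to the two accounts IIS
#    actually uses when serving anonymous requests.
foreach ($account in $anonUser, $poolId) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $account, 'Read', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $path -AclObject $acl

# 5. Confirm the result: no Everyone/Users entries, Read for the IIS accounts.
(Get-Acl -Path $path).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```

This narrows who can read the files through Windows itself (file shares, local logon). It does not hide them from website visitors: with Anonymous Access enabled, IIS reads the content as the anonymous account on behalf of anyone who requests it.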


