none
IIS 7.5 default first site NTFS permission

    Question

  • hi all
    in IIS 7.5 , on the permissions of default website , when i remove users group and instead i add "Authenticated users " , we can view the website anonymously , but when i remove authenticated users group and i add "IUSR"  account ,  again we can not view website ( displays error )
    i wonder that as microsoft say , IUSR account is the deputy of visiting a website anonymously !
    ( please don't refer me to ask my iis related questions in forumes.iis.net , because that forum is quit  inactive and  people there answer to questions very very late and there is not multiple answer , so that forum doesn't help me )
    thanks
    Friday, December 30, 2011 5:33 PM

Answers

  • Hi,

     

     

    According to the problem description, this issue is related to IIS. For IIS issue, the best resource is IIS forum.

     

     

    Based on the current situation, you’d better submit a new question to IIS forum for further assistance. In this way, your issue can be resolved effectively.

     

     

    IIS Forums

    http://forums.iis.net/

     

     

    Thanks for your understanding!

     

     

    Regards,


    Arthur Li

    TechNet Community Support

    Saturday, December 31, 2011 12:34 AM
  • The IUSR is a legacy account for anonymous access.

    Also, please be careful changing some of the default permissions. YOu may wind up making the site inaccessible. Make sure you backup IIS using the IIS6 console. If IIS6 console is not showing up or available, you can install it using Windows features.

     

    IIS 7.5 Application Pool idenity account and windows folders
    http://forums.asp.net/t/1618942.aspx/1?IIS+7+5+Application+Pool+idenity+account+and+windows+folders

    Thread: IIS 7.5 IUSR/IIS_IUSRS?
    http://forums.iis.net/p/1169633/1951241.aspx#1951241

    IIS7 testing Authentication and IUSR account
    If so, then the IUSR account isn't used. Instead it uses the app ... Crystal Reports 2010 in IIS 7.5 asking for authentication ·
    http://serverfault.com/questions/101380/iis7-testing-authentication-and-iusr-account

    Internet Information Services
    "Authentication changed slightly between IIS 6.0 and IIS 7, most notably in that the anonymous user which was named "IUSR_{machinename}" is a built-in account in Vista and future operating systems and named "IUSR". Notably, in IIS 7, each authentication mechanism is isolated into its own module and can be installed or uninstalled."
    http://en.wikipedia.org/wiki/Internet_Information_Services

    Anonymous Authentication <anonymousAuthentication>  :
    "The <anonymousAuthentication> element controls how Internet Information Services (IIS) 7 processes requests from anonymous users. You can modify the <anonymousAuthentication> element to disable Anonymous authentication, or you can configure Internet Information Services (IIS) to use a custom user account to process anonymous requests.
    Anonymous authentication gives users access to the public areas of your Web or FTP site without prompting them for a user name or password. By default, the IUSR account, which was introduced in IIS 7.0 and replaces the IIS 6.0 IUSR_computername account, is used to allow anonymous access. An application is a grouping of files that delivers content or provides services over protocols, such as HTTP. When you create an application in IIS, the application's path becomes part of the site's URL."
    http://www.iis.net/ConfigReference/system.webServer/security/authentication/anonymousAuthentication

     


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn
    Saturday, December 31, 2011 12:41 AM

All replies

  • Hi,

     

     

    According to the problem description, this issue is related to IIS. For IIS issue, the best resource is IIS forum.

     

     

    Based on the current situation, you’d better submit a new question to IIS forum for further assistance. In this way, your issue can be resolved effectively.

     

     

    IIS Forums

    http://forums.iis.net/

     

     

    Thanks for your understanding!

     

     

    Regards,


    Arthur Li

    TechNet Community Support

    Saturday, December 31, 2011 12:34 AM
  • The IUSR is a legacy account for anonymous access.

    Also, please be careful changing some of the default permissions. YOu may wind up making the site inaccessible. Make sure you backup IIS using the IIS6 console. If IIS6 console is not showing up or available, you can install it using Windows features.

     

    IIS 7.5 Application Pool idenity account and windows folders
    http://forums.asp.net/t/1618942.aspx/1?IIS+7+5+Application+Pool+idenity+account+and+windows+folders

    Thread: IIS 7.5 IUSR/IIS_IUSRS?
    http://forums.iis.net/p/1169633/1951241.aspx#1951241

    IIS7 testing Authentication and IUSR account
    If so, then the IUSR account isn't used. Instead it uses the app ... Crystal Reports 2010 in IIS 7.5 asking for authentication ·
    http://serverfault.com/questions/101380/iis7-testing-authentication-and-iusr-account

    Internet Information Services
    "Authentication changed slightly between IIS 6.0 and IIS 7, most notably in that the anonymous user which was named "IUSR_{machinename}" is a built-in account in Vista and future operating systems and named "IUSR". Notably, in IIS 7, each authentication mechanism is isolated into its own module and can be installed or uninstalled."
    http://en.wikipedia.org/wiki/Internet_Information_Services

    Anonymous Authentication <anonymousAuthentication>  :
    "The <anonymousAuthentication> element controls how Internet Information Services (IIS) 7 processes requests from anonymous users. You can modify the <anonymousAuthentication> element to disable Anonymous authentication, or you can configure Internet Information Services (IIS) to use a custom user account to process anonymous requests.
    Anonymous authentication gives users access to the public areas of your Web or FTP site without prompting them for a user name or password. By default, the IUSR account, which was introduced in IIS 7.0 and replaces the IIS 6.0 IUSR_computername account, is used to allow anonymous access. An application is a grouping of files that delivers content or provides services over protocols, such as HTTP. When you create an application in IIS, the application's path becomes part of the site's URL."
    http://www.iis.net/ConfigReference/system.webServer/security/authentication/anonymousAuthentication

     


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn
    Saturday, December 31, 2011 12:41 AM
  • thanks to all repliers
    Saturday, December 31, 2011 7:35 PM
  • You are welcome.

     


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn
    Monday, January 02, 2012 7:59 PM