locked
Sophos PureMessage & IIS RRS feed

  • Question

  • I'm not sure where the best place is to ask this. I've had some problems with Sophos PureMessage, which is an anti-spam/anti-virus app which I have on my Exchange 2010 server (all roles on one server). The anti-spam part of it has a web based console where users can see their spam, except some users are getting prompted for login credentials. I'm going through it with Sophos Support who are asking why the IUSR user for IIS doesn't seem to exist on the server. I have checked that anonymous access is allowed on the server and although the IUSR user is listed as the user for anonymous access, I can't find an IUSR user for that server in Active Directory.

    Some users have no problems with this web console; some users do.


    Tim Gowen
    Thursday, November 10, 2011 8:31 AM

All replies

  • If the machine is a member server then that account will not existing in AD, it will be a local account. IUSR only goes in to AD if IIS is installed on a domain controller.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    Thursday, November 10, 2011 9:57 PM
  • Hello,

     

    Dump the security permission from a probkematic and a good user by the following command:

     

    Dsacls “distinguishedName of the User” >C:\store.log

     

    Here is the detailed steps for getting the distinguishedName of a user:

     

    a. Run the Adsiedit.msc from a command prompt.

    b. Expand “Domain”->”DC=domainName,DC=com”->”CN=Users”

    c. Right click on ”CN=the problematic user name”, click “Properties”.

    d. Find the attribute “distinguishedName” attribute. Double click copy the value of it.

     

    Please check if there are any difference.

     

    Thanks,

    Simon

    Monday, November 14, 2011 7:54 AM
  • I'm not seeing it in local users and groups, though.
    Tim Gowen
    Monday, November 14, 2011 3:42 PM
  • I'm not seeing it in local users and groups, though.
    Tim Gowen


    You aren't going to, as it is a built in account now.

    http://learn.iis.net/page.aspx/140/understanding-built-in-user-and-group-accounts-in-iis/

    The account is only created when IIS 6 Compatability is installed. You need to ask Sophos if that is something that they need.

     

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    Monday, November 14, 2011 4:53 PM
  • Sophos have suggested that I give it a try... Checking I see that some of it is not installed, and I wonder if WMI is what I need..?


    Tim Gowen
    Friday, November 25, 2011 11:34 AM