locked
Allow IIS to Control Password RRS feed

  • Question

  • User1249417887 posted

     

    Hi,

    Can you tell me the meaning of the check box "Allow IIS to Control Password", What  exactly happens when we  check the check box?, also what happens in the runtime?(one thing I can understand that IIS logging the credentials supplied), I want a detailed explanation(from lower lever to higher level),Please. Thanks

      

     

    Monday, June 22, 2009 9:56 AM

Answers

  • User930989739 posted

    You must be talking about IIS5 or IIS6, are you not?

    "Allow IIS to Control Password" is available for IIS5 and IIS6 in the context of anonymous authentication. If "Allow IIS to Control Password" is enabled, then tye IIS adminitrator doesn't need to store anonymous user password in the metabase (IIS configuration store).  The main purpose of the feature is to simplify password management.
    There is a module called iissuba.dll loaded by LSA (Local Security Authority) module on the IIS machine that allows password less logon for anonymous users. Such anonymous tokens are only good for accessing local resources.

    IIS6 doesn't support the "Allow IIS to Control Password" by default due to some security concerns. Please read the following KB article  http://support.microsoft.com/kb/332167

    IIS7 retired the "ALlow IIS to Control Password" and introduced a built-in IUSR account for anonymous authentication. 

     

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Monday, June 22, 2009 12:25 PM

All replies

  • User930989739 posted

    You must be talking about IIS5 or IIS6, are you not?

    "Allow IIS to Control Password" is available for IIS5 and IIS6 in the context of anonymous authentication. If "Allow IIS to Control Password" is enabled, then tye IIS adminitrator doesn't need to store anonymous user password in the metabase (IIS configuration store).  The main purpose of the feature is to simplify password management.
    There is a module called iissuba.dll loaded by LSA (Local Security Authority) module on the IIS machine that allows password less logon for anonymous users. Such anonymous tokens are only good for accessing local resources.

    IIS6 doesn't support the "Allow IIS to Control Password" by default due to some security concerns. Please read the following KB article  http://support.microsoft.com/kb/332167

    IIS7 retired the "ALlow IIS to Control Password" and introduced a built-in IUSR account for anonymous authentication. 

     

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Monday, June 22, 2009 12:25 PM
  • User1249417887 posted

    Thanks.

    Monday, June 22, 2009 11:49 PM
  • User-1003103180 posted

    Hi Jaro, your post is very useful; but for new bee like me need some more clarification.

     I have a Windows Server 2000 which is running FTP on IIS 5.0 (hope i'm correct), i would like to rebuild the same server with Windows Server 2008 which runs the same FTP with IIS 7.0. Can you please advice on the way to achive this; since im not very good in IIS.

    Wednesday, May 12, 2010 9:02 AM