Please can someone help me understand anonymous access in IIS. I know by when IIS is installeled an account is created called IUSR_ComputerName but does this mean that I have to add and the user to root directory of the website if anoymous is enabled. I’ve also read that on a server even though the IUSR_ComputerName is used, it acutally used a network service user. If so do I have to grant this user permissions to the directory?
Finally, as the user password is not managed by windows, is there a tool I can use to reset this?
Many thanks
The user password is managed by Windows. You can change it as a regular Windows user but probably shouldn’t.
If you are dealing with an ASP.NET application it will not really (I think…) use that anonymous user. It will run as the identity of the application pool, which is NetworkService until Windows 2008R2 and after Windows 2008R2 became ApplicationPoolIdentity (by default, you change it back to NetworkService in the AppPool settings/Identity).
The AppPoolIdentity differs from NetworkService in that it doesn’t have access to network (i.e. shares on other computers). If you do need to access them, change back to Network Service. The shares will be accessed with the identity of the computer on which you are running your app.
If your app needs to write to its directory you will need to grant NetworkService rights to it.