IUSR has to be in Admin group to work

IUSR has to be in Admin group to work

am 03.04.2006 15:44:02 von Ishmealm

This is from an earlier post, but I think I posted for the wrong thing.

None of my applications that use the IUSR account for anonymous
authenication work, unless, I add the IUSR account to the admin group (this
goes for all apps, asp, html, CF, etc..). I checked and it is in the Guest
Group and it has the following User Rights Assignments:

Access this computer from the network
Allow Logon Locally
Bypass Traverse Checking
Log on as a Batch Job

I can't see that this is any different from any of our other web servers. I
also can't find that it needs to be anywhere else. I don't want to leave it
in the Admin group for any longer than I have too. It's a dev server, so it
hasn't been a problem yet, but I'd still like to get it setup correctly.
Thanks!

Re: IUSR has to be in Admin group to work

am 03.04.2006 21:22:08 von Consultant

look into the authdiag utility from microsoft


"Ishmealm" wrote in message
news:B091A064-0ECC-4FDE-981A-D6964F5C45D0@microsoft.com...
> This is from an earlier post, but I think I posted for the wrong thing.
>
> None of my applications that use the IUSR account for anonymous
> authenication work, unless, I add the IUSR account to the admin group
> (this
> goes for all apps, asp, html, CF, etc..). I checked and it is in the
> Guest
> Group and it has the following User Rights Assignments:
>
> Access this computer from the network
> Allow Logon Locally
> Bypass Traverse Checking
> Log on as a Batch Job
>
> I can't see that this is any different from any of our other web servers.
> I
> also can't find that it needs to be anywhere else. I don't want to leave
> it
> in the Admin group for any longer than I have too. It's a dev server, so
> it
> hasn't been a problem yet, but I'd still like to get it setup correctly.
> Thanks!
>

Re: IUSR has to be in Admin group to work

am 04.04.2006 04:40:21 von Bernard

Get filemon and regmon from sysinternals.com to trace as well.

--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/


"Ishmealm" wrote in message
news:B091A064-0ECC-4FDE-981A-D6964F5C45D0@microsoft.com...
> This is from an earlier post, but I think I posted for the wrong thing.
>
> None of my applications that use the IUSR account for anonymous
> authenication work, unless, I add the IUSR account to the admin group
> (this
> goes for all apps, asp, html, CF, etc..). I checked and it is in the
> Guest
> Group and it has the following User Rights Assignments:
>
> Access this computer from the network
> Allow Logon Locally
> Bypass Traverse Checking
> Log on as a Batch Job
>
> I can't see that this is any different from any of our other web servers.
> I
> also can't find that it needs to be anywhere else. I don't want to leave
> it
> in the Admin group for any longer than I have too. It's a dev server, so
> it
> hasn't been a problem yet, but I'd still like to get it setup correctly.
> Thanks!
>