Configuring the Anonymous Access Account

By enabling and then properly configuring your Web server's anonymous access account, you can grant users access to your public Web and FTP content. When a user attempts to connect to a public Web or FTP site, your Web server assigns the user a Windows NT anonymous, or guest, user account. Typically, this guest account has security restrictions, imposed by your Windows NT Files System (NTFS) permissions, that designate the level of access and the type of content available to public users.

Your Web server has a default anonymous account called IUSR_computername, where computername is the name of your Web server. If you choose, you also have the option of creating your own custom anonymous account.

For more information about anonymous access, see About Access Control.

Important   

• When you set security properties for a specific Web site, you automatically set the same security properties for directories and files belonging to that site, unless the security properties of the individual directories and files have been previously set.
• Your Web server will prompt you for permission to reset the properties of individual directories and files when you attempt to set security properties for your Web site. If you choose to reset these properties, your previous security settings will be replaced by the new settings. The same condition applies when you set security properties for a directory containing subdirectories or files with previously set security properties. For more information about setting properties, see Properties and Inheritance of Properties on Sites in About Web Sites.

1. Click Start, point to Administrative Tools and click User Manager for Domains.

Note   You must have Administrator privileges to create and manage accounts.


2. On the User menu, click New User to create a new anonymous-logon user account. Give the account a user name and difficult-to-guess password, then select the appropriate password restrictions. Click Groups to make the user account a member of the Guest security groups only.
3. On the Policies menu, click User Rights to grant the account the Log on Locally user right.

   Note   In the case of FTP or WWW authentication, your Web server attempts by default to log the user on as a local user, that is, as a user physically located at the server. You can also designate FTP access with the following Windows NT user rights:
   

   • Log On as Batch Job - This user right is similar to Log On Locally, except that the user is logged off after a process completes.
   • Access this Computer from the Network - Allows the user to connect to the server computer over a network. However, users may not be able to remotely access a SQL Server database set for integrated security.

1. In Internet Service Manager, select a Web site, directory, or file, and open its property sheets.
2. Select the appropriate Directory Security or File Security property sheet. Under Anonymous Access and Authentication Control, click Edit.
3. In the Authentication Methods dialog box, select the Allow Anonymous Access check box.

Note   Your Web browser enables the anonymous access option by default.


4. Next to Account used for Anonymous Access, click Edit. On the Anonymous User Account dialog box, type the anonymous logon user name and password for the account you want to use. Typically, you designate the user name as IUSR_computername.
5. Select the Enable Automatic Password Synchronization check box to match passwords with the anonymous account created in User Manager for Domains. Click the Help button for more information.

Note   Password synchronization should only be used with anonymous user accounts defined on the local computer, and not with anonymous accounts on other non-local computers.


6. Click OK.
7. Set appropriate Windows NT File System (NTFS) permissions for the anonymous account. For more information see, Setting Access Permissions for a Directory or File.

1. In Internet Service Manager, select a Web site, directory, or file, and open its property sheets.
2. Select the Security Accounts property sheet. Select the Allow Anonymous Connections check box.
3. In the User Name and Password boxes, enter the anonymous logon user name and password you want to use. The user name is typically designated as IUSR_computername.
4. Select the Enable Automatic Password Synchronization check box to match passwords with accounts created in User Manager for Domains.

Note   Password synchronization should only be used with anonymous user accounts defined on the local computer, and not with anonymous accounts on other non-local computers.


5. Select the Allow only anonymous connections check box to require all user to logon as anonymous users.
6. Click OK.
7. Set appropriate Windows NT File System (NTFS) permissions for the anonymous account. For more information see, Setting Access Permissions for a Directory or File.

© 1997 by Microsoft Corporation. All rights reserved.