I have been running IIS 4.0 on WIN NT server (4.0 sp5), and have had n 1

[Guest_imported]

I have been running IIS 4.0 on WIN NT server (4.0 sp5), and have had no problems with the server since I got it running (about 3 months ago) Today I installed FrontPage 2000 and now for some reason evrytime someon goes to the website it comes up with a network log-in window. I have checked and double checked everything, but it still is not working right. I am thinking the problem is in the Directory Structure-Authentication Methods. I have it set<br>
to allow anonymous action, but what exactly should I use for the user name? I even went so far as un-installing IIS and reinstalling it, everything looked good, so I put the frontpage extensions, everything still looked fine, so then I went home. I logged into our server from home, and Poo-Poo! It asks for the darn UserName! How can I stop this! Please Help! Please Please Please! Soon, I think my boss may notice this, and ask me why it is doing it. I hate to have to make something up ;-)<br>
<br>
<br>
<br>
<br>

 

[Andrew Bosch]

By default, IIS uses IUSR_&lt;machine name&gt; as the anonymous ID. If you are using an NT domain, this ID is a local one, unless you are using a domain controller as IIS's host, where it will be a domain-wide one, since the local database is the domain database on a DC. The anonymous ID must have read access to the web pages in question and the \winnt, \winnt\system32, \winnt\system32\inetsrv, \program files\common files and all subdirectories, and ones used by FrontPage's server extensions. If IIS doesn't have those rights set, you will get the login screen no matter which way you set the rights in the content directories (by default \inetpub\

http://wwwroot,

etc) for everything but pure HTML pages, since IIS uses the anonymous ID to load the various DLLs used to process things like ASP, SSI, password change requests (those .HTR templates under IISADMPWD in the default web site), FrontPage server extensions, CGI scripts,... you get the idea. Reinstallation won't help, since the setup in the Option Pack won't change the rights anywhere but in \inetpub\

http://wwwroot.

You can try running the FrontPage Server Administrator to run a security check, which usually corrects improper rights, but it might not get all of them.<br>
<br>
I've considered the possibility of trying to install IIS from an admin-equivalent account which was restricted to have the bare minimum access rights so that the setup would be forced to configure the proper rights; this would be a test scenario, of course.<br>
<br>
It probably seemed to work from the NT server console, since you were probably logged in as an administrator and you were probably using IE which meant that, by virtue of NTLM authentication, IIS was using your admin ID to access all of those files. It then failed when you attempted to access the web server from an unauthenticated computer, which meant that IIS tried to load the DLLs using the anonymous ID.<br>
<br>
I hope this helps.

 

[databarn]

BrotherMaynard,<br>
<br>
Your missiv is most dismaying. I'm about to have to do the same thing that jvogel did (on one box), and am about to do an update/install on another box.<br>
<br>
I am filled with foreboding, as I am _not_ comfortable with NT. Is there a resource you might recommend for this, or is this likely gonna be another 'learn-by-doing' exercise (and me with my learn-by-doing muscle practically useless)?<br>
<br>
OK, misgivings aside, I'm about to install Back Office for remote administration, which is not quite the same as the above, but it sounds pretty close. On one (clean) box, I'll do a straightforward BO install, with most of the bells and whistles. On another box, I'll be adding BO support to an already installed NT 4.0 and SQL Server 7,0 base. Are you aware of any obvious (or, more importantly, not-so-obvious) problems to be addressed for external access? I'm learing NT on a mistake-by-mistake basis, and have found little of value in the volumes I've read to change that particular [OJT] mode.<br>
<br>
Make a good day . . .<br>
. . . barn<br>

 

[Andrew Bosch]

The clean install should be straightforward, unless you choose to tighten the file system ACL's. Then you need to keep in mind the way in which IIS and the other server applications work in order to set the proper rights. The main concern with IIS is the anonymous ID (IUSR_&lt;machine name&gt, which is used for all of IIS's system file accesses and the out-of-process ID (IWAM_&lt;machine name&gt, which is used when you set a CGI or ISAPI application to run in a separate thread from IIS's processes (it's causes a slighly slower response but it's supposed to be more stable). As a side note, the FTP, NNTP, and SMTP services also use the anonymous ID for access.<br>
<br>
The default set of rights, where Everyone has Full Control all over the entire volume, means that IIS, and everything else, will work like a charm. It also means that anyone who logs into the console or manages to circumvent the service security will have access to everything but the event logs and the print spooler directories.<br>
<br>
BO's remote admin, being a set of web pages, generally works by default, since you would want to log in as the admin to use them, anyway. If you need to set up a publicly accessable web server with BO, you will want to move the default web site to a weird port number (by default it also only responds to the loopback address (127.0.0.1 - localhost) and not to any outside address) to reduce the possibility of hacking. Put your public access pages on a different virtual server. Never use the default web site for public access since it has the admin pages.<br>
<br>
Don't forget to put on SP4 after you install NT and before continuing to the rest of the BO install and again after you finish installation, since the Option Pack and some of the other apps will overwrite more than a few system files with old ones and the NT install only has SP1 code. Both IIS and NT have a number of post-SP4 patches, too, and you will likely want to have them installed.<br>
<br>
I learned about IIS mostly through playing around with test systems and even messing with NT Workstation and the Personal Web Server at home (IIS won't install on NT Workstation), since the PWS is a crippled IIS, as it has a max capacity of 10 browsers at a time and doesn't allow multiple authors, but otherwise looks and acts exactly like IIS. Other resources are the online docs, which are somewhat hard to read but they do explain a few things about basic operation and configuration, the MS KnowledgeBase which also has a number of things about IIS, but you really have to search for them, and TechNet, which is a subscription CD and online service you can get from MS which has tips, docs, patches, and a snapshot of the KnowledgeBase. Look around for the SAMS Publications Unleashed series books; I should think that there would be a few about IIS, if not NT. Naturally, newsgroups and forums like this one are also quite useful . <br>
<br>
Hope this helps<br>

 

[Guest_imported]

Thanks for all your help. I reset the permissions for IUSER_Nt_Server, somehow this account had NO permission!!Everything seems to be working okay now! Thanks alot!<br>
<br>
John Vogel<br>
WebMaster<br>

http://www.computerwiz.Net<br>

<br>
email: jvogel@computerwiz.net

 

[Praneel]

How do I post a question on this Tek_tips billboard.