The Password for the Default IUSR Account ?

[JohnBates]

hi everyone,

I have this external Access program that is unable to connect to my SQL Server database. Always get error "Login failed for user abc Not associated with a trusted SQL Server connection."

I think it will connect successfully, by passing the IUSR_SONYBMG login.

But I don't know what the password for this account is. The person that configured IIS does not know either.

**** Is there any way to 'extract' the password that IIS assigned for IUSR_SONYBMG ? ****

Thanks, John

 

[Sheco]

The IUSR_MachineName account is automatically created... MachineName is the name of your server.

This is just a local account with very limited permissions. The point of this account is that if a hacker manages to "take over" your web application, they will not have a valid domain account... only a crippled local account... they can deface your website but thats about it.

The password doesnt matter. IIS web server manages it.

Usually when a web application conects to SQL Server, it does so using a SQL Server login rather than an NT account. Check the code of your web application and look for the credentials used to conect to SQL Server... if this is an ASP application then look for the term "ConnectionString" in the code.

 

[JohnBates]

Thanks Sheco.

For what I want to use it for (to enable the Access appl to login successfully), I need to supply a password.

I've tried it without a password and it failed.

(I'm not referring to the web apps login)

We did something not advised - we have our SQL Server db on the IIS webserver.

John

 

[Sheco]

You need to first verify that the thing is supposed to use integrated windows authentication... many web apps use SQL Server authentication instead... as in a login defined inside of SQL Server rather than an account on the local machine or in the Active Directory.

 

[JohnBates]

I thought Microsoft was trying to move everyone to Windows authentication.

John

 

[Sheco]

Oh they are, its just that many web apps use SQL Server authentication because it makes good sense to use the security context of a crippled account for serving up web pages and it also usually makes sense to keep the database on a different machine so that leaves the web developer in between a rock and a hard place... either run the web pages using an Active Directory account, or connect to the database using native database security.

If an Active Directory account is used, the "normal" thing to do is to use something other than the default IUSR_ ... thats why the first thing I would do is to verify exactly how the web application is connecting to the database.

 

[JohnBates]

Sheco,

The web app connects via the IUSR_servername account.

Thank God, we don't have Active Directory - too difficult to administrate.

On Monday, I plan to change the Access module to use the same connection string that we use in the web apps. I think that may be the answer. (May very well not be the best way from a security standpoint, I admit).

Thanks for your replies.

John