Controlling Anonymous Use
For many Internet and intranet servers, almost all World Wide Web, FTP, and Gopher access is anonymous. While this means that the server does not authenticate and track individual access rights for this class of user, it does not mean that the administrator must cede control completely over available resources. With Microsoft Internet Information Server, anonymous access can be tightly controlled and monitored.
When Microsoft Internet Information Server is installed, it creates a special Windows NT account for anonymous users (by default, this user account is called "IUSR_" plus the computer name -- for example, for computer WWWSERV, the user account is IUSR_WWWSERV). All anonymous Internet requests are serviced in the context of this user, so administrators can explicitly set permissions for anonymous use on any or all documents in the organization. A randomly generated password will be assigned to this user account. For maximum security, Microsoft suggests that administrators change the password assigned to this account to a secure password of their own choosing.
Note: If IIS is installed on a stand alone or domain member server, the anonymous account will be created on that machine. If IIS is installed on a primary or backup domain controller, the anonymous account will be created in the domain. If IIS is to be installed on multiple computers in the same domain, adminstrators may wish to change the anonymous accounts to a single anonymous user account used by all servers. Use the following steps to do this:
- Create a new anonymous user account in the domain by using the Windows NT User Manager. See your Windows NT Server documentation for details.
- For each Internet Information Server in the domain, from the Internet Service Manager, for each service (WWW, FTP, Gopher) that is to use this anonymous account, set the account and password on the Service property sheet.
