IIS 7 and Above
IIS 7 ACL
Last post Jul 16, 2009 07:55 PM by steve schofield
Jul 15, 2009 11:22 AM|TO|LINK
Jul 15, 2009 03:48 PM|steve schofield|LINK
If you are getting an error, enable auditing and look in the security event log.
Windows Server MVP - IIS
Log archival solution
Install, Configure, Forget
Jul 16, 2009 09:40 AM|TO|LINK
Great thanks :) Got the right users and groups now.
Please note that this is a DC running IIS - I am not sure if this is supported but there is one thing I cannot figure out. I know it isn't the best solution but it is for testing purposes only... :).
There is a built-in account for anonymous access to Internet Information Services:
I how ever had to add the below account to make it work:
So I took a look at the Anonymous Authentication Credentials and they were set to IUSR. Fair enough - I would have expected the IIS to set it to the first account (the Domain one) or am I on a detour here?
Note to self:
Add NT AUTHORITY\NETWORK SERVICE:(OI)(CI)R to file security settings as well (Default app pool).
Jul 16, 2009 07:55 PM|steve schofield|LINK
You can run IIS on a domain controller, it's not recommended you run a web server, let alone a internet facing server along on a domain controller. If your system is compremised, they have the keys to the kingdom. The thing you are probably running up
against the local users IUSR or Network service don't have logon on locally permissions since the DC doesn't not have the concept of a 'local SAM' database. I'd recommend creating a app pool account that is used on the DC and grant appropriate permissions.
For my test machine at home, I have a DC running IIS, RRAS with 2 nics. Works fine for most things from a testing perspective,