To remove IUSER from admin group

TheMSsForum.com: The Microsoft Software Forum

We have windows 2000 server with IIS 5.0 installed on it, When I open any
site which I have created in IIS, it prompt for login ID & Password,when I
add IUSER account in local administrator group it works fine.Everyone has
fullcontrol rights on security level on folder.
I want to remove IUSER from local administrator group, kindly suggest where
I need to make changes on the server.
Top

Re: To remove IUSER from admin group by Egbert

Egbert
Tue Oct 19 01:57:43 CDT 2004

"Sri" <Sri@discussions.microsoft.com> wrote in message
news:D7B58945-B7AB-4D7A-9C99-B66884ECDE7F@microsoft.com...
>
> We have windows 2000 server with IIS 5.0 installed on it, When I open any
> site which I have created in IIS, it prompt for login ID & Password,when I
> add IUSER account in local administrator group it works fine.Everyone has
> fullcontrol rights on security level on folder.
> I want to remove IUSER from local administrator group, kindly suggest
> where
> I need to make changes on the server.

Have a look at your NTFS properties! Do your webfolders allow IUSR_x ?

Does your local security policy allow 'log on as a batch job' and 'acccess
this computer from network' ? I ask this because If you ever have dropped
the IUSR account and recreate, it does -not- have these priviliges anymore.

--
compatible web farm Session replacement for Asp and Asp.Net
http://www.nieropwebconsult.nl/asp_session_manager.htm

Top

Re: To remove IUSER from admin group by Sri

Sri
Wed Oct 20 06:41:02 CDT 2004

Hi Egbert,

Yes our system security policy does allow 'log on as a batch job' and
'acccess
this computer from network to IUSER id.

When I open any web page it prompt for login ID & password, IF i add IUSER
account in local administrator group it does not prompt for ID, Password





"Egbert Nierop (MVP for IIS)" wrote:

> "Sri" <Sri@discussions.microsoft.com> wrote in message
> news:D7B58945-B7AB-4D7A-9C99-B66884ECDE7F@microsoft.com...
> >
> > We have windows 2000 server with IIS 5.0 installed on it, When I open any
> > site which I have created in IIS, it prompt for login ID & Password,when I
> > add IUSER account in local administrator group it works fine.Everyone has
> > fullcontrol rights on security level on folder.
> > I want to remove IUSER from local administrator group, kindly suggest
> > where
> > I need to make changes on the server.
>
> Have a look at your NTFS properties! Do your webfolders allow IUSR_x ?
>
> Does your local security policy allow 'log on as a batch job' and 'acccess
> this computer from network' ? I ask this because If you ever have dropped
> the IUSR account and recreate, it does -not- have these priviliges anymore.
>
> --
> compatible web farm Session replacement for Asp and Asp.Net
> http://www.nieropwebconsult.nl/asp_session_manager.htm
>
>
Top

Re: To remove IUSER from admin group by Egbert

Egbert
Mon Oct 25 12:50:27 CDT 2004

"Sri" <Sri@discussions.microsoft.com> wrote in message
news:EE243064-8591-49CA-884B-613CC684ABD9@microsoft.com...
> Hi Egbert,
>
> Yes our system security policy does allow 'log on as a batch job' and
> 'acccess
> this computer from network to IUSER id.
>
> When I open any web page it prompt for login ID & password, IF i add IUSER
> account in local administrator group it does not prompt for ID, Password


Hi Sri,

I asked how your NTFS permissions are..
Can you list them? So I mean the file permissions where your website
resides.


Top

Re: To remove IUSER from admin group by yonlinemanghn

yonlinemanghn
Wed Nov 10 17:27:40 CST 2004

Hello Sri,
Obviously the IUSR account is lacking some NTFS permissions. You can
download and run the tool Filemon (http://www.sysinternals.com) or Authdiag
(http://www.microsoft.com/downloads/details.aspx?FamilyID=e90fe777-4a21-4066
-bd22-b931f7572e9a&DisplayLang=en) to find out which specific files the
IUSR account doesn't have permissions on.

HTH,
Yogita Manghnani
Microsoft Developer Support
Internet Information Server

*********************************************************************
>>Please do not send email directly to this alias. This is an online
account name for newsgroup participation only.<<

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.

© 2003 Microsoft Corporation. All rights reserved.
*********************************************************************

Top