IIS release site to password fault refinement

  
                  IIS 7.0, released with Windows Server 2008, is much more powerful than its predecessor, IIS 6, but there are various improvements. Some of these improvements are in terms of security, and some are some sort of replacement of the original operating habits. We found that users often encounter some strange problems, such as the failure of the IIS publishing site to access the password when accessing. Below we list such a common example to explain.

Question:

I am a small company network administrator, just contacted this position, recently the company wants to establish its own corporate website, we have our own server, the operating system used is windows 2003, but I found a problem after publishing with IIS, that is, when I use the IE browser to publish the site, I always have a dialog window that asks me to enter the username and password. Even if I enter the correct Windows account, I can't access it, and I hope that. The realization is that any computer can access the site through the IP address at will, without accessing the password. Some solutions were also searched through the network, and the problem was still not solved after the setup. I hope that the IT168 experts can help me and eagerly wait for a reply.

Answer:

IIS does have this problem under Windows 2003. This is because Windows 2003 has improved directory security. First of all, let's analyze the problems encountered by this netizen. //This article is transferred from www.45it.com computer software and hardware application network

(1) Fault description:
Some page files of a certain site are released under IIS, we set it to 1.htm Through the browsing function in IIS, the page can be successfully accessed. At the same time, we see the information from the access address as http://localhost/1.htm. (Figure 1)

Next, after another computer or changing the local access address to its own IP (for example, 58.129.1.80/1.htm), a dialog asking for a username and password appears. Box, this is the problem encountered by the above netizens. (Figure 2)

In fact, for a site we visit him should not need to enter a username and password, site access should be anonymous. Even if we enter the relevant username and password in the dialog box, we will not be able to pass the verification. The page will display - "You are not authorized to view the page, you do not have permission to view the directory or page, because the access control list ACL is for WEB. The resource on the server is configured." (Figure 3)

(2) Failure Analysis:
It is well known that after installing IIS component service, two accounts will be automatically added in the system, one is IUSER_ computer name (internet guest account) ), the other is the IWAM_ computer name (starting the IIS process account). (Figure 4)

The permissions and account assignments for the usual access pages are all done by the IUSER_computer name (internet guest account). If we ask for a username and password when accessing, it is likely that the account information has been changed. For example, if the password is modified by some software or virus, all we can do is re-install and re-install the IIS component. After all, the IUSER_ computer name ( The internet guest account) user password is automatically generated by the system during the installation of the component, and we cannot reset it by manually setting it. (Figure 5)

(3) Troubleshooting:
If you reinstall IIS still Bunengjiejue problem, root cause lies not IUSER_ computer name (internet guest account), we should from the directory Permission to solve the problem. Find the folder where the page we want to publish (website directory), then right click on it and select "Properties". In the properties window that opens, find the "Security" tab, if there is no IUSER_ computer name (internet guest account) access The existence of permissions, then the problem is here. (Figure 6)

We use the "Add" button to select the IUSER_computer name (internet guest account) in the user list and add it to the directory permission access settings window. (Figure 7)

Next, according to the actual needs for the IUSER_ computer name (internet guest account) account access permissions to the directory, generally give read permission, should not be given Too high a privilege, otherwise users who visit the site are likely to delete the page file or upload the trojan directly. (Figure 8)

After adding the corresponding permissions, it can effectively solve the problem that the user name and password verification window always pops up when accessing the IIS publishing site. In general, the corresponding access rights are set on the site directory we want to publish, and the corresponding IUSR_ computer name in the NTFS permissions is read permission. This issue is not covered if the default site directory is under c:\\inetpub\\wwwroot, which is why most of the use of the default site for external publishing does not occur.

(4) Add some points:
In addition to the above several easy setup errors, the WWW site that is accessed by IIS appears with the user name and password prompt. If the configuration is not properly configured in the IIS settings, the above problem will occur. . For example, right click on "Website" in IIS and select "Properties", then find the "Directory Security" tab, then click "Authentication and Access Control". (Figure 9)

Enable anonymous access in the authentication method window, so that you can use the IUSER_ computer name (internet guest account) account to browse the page information when accessing the WWW site. Also remember not to click "Integrated Windows Authentication" below. (Figure 10)

Another point to note is that there is a "home directory" tab in the properties window of the website. Under this tab, we can view the permissions corresponding to the distribution directory. Remember to be sure Reasonable allocation, if you accidentally give write and directory browsing permissions, then the site you posted is very vulnerable to attack, of course, if you do not add read permissions, then your site will also have no relevant permissions when accessing others. The error message. (Figure 11)

Copyright © Windows knowledge All Rights Reserved