- May 19, 2011
- 20,386
- 15,083
- 136
I think I've just figured this out, but a sanity check with some fellow IIS admins around here would be appreciated!
It seems to me that =>IIS7 is different in the respect of what file system privileges are required in order for an anonymous web user to access a website hosted on IIS.
On older versions of IIS, IUSR_MACHINENAME was the account used for anonymous browsing, and IWAM_MACHINENAME was used for anonymous browsing but with a website that did more dynamic stuff (ASP etc, things that ought to be a bit more sandboxed).
On IIS7, it seems to me that the 'IUSR' account (not IUSR_MACHINENAME, which, while it still exists, I'm not sure why) and "NETWORK SERVICE" must be able to access the location for which anonymous browsing is desired.
I'm not sure what swings and roundabouts, if any, are required for more dynamic content to work.
It seems to me that =>IIS7 is different in the respect of what file system privileges are required in order for an anonymous web user to access a website hosted on IIS.
On older versions of IIS, IUSR_MACHINENAME was the account used for anonymous browsing, and IWAM_MACHINENAME was used for anonymous browsing but with a website that did more dynamic stuff (ASP etc, things that ought to be a bit more sandboxed).
On IIS7, it seems to me that the 'IUSR' account (not IUSR_MACHINENAME, which, while it still exists, I'm not sure why) and "NETWORK SERVICE" must be able to access the location for which anonymous browsing is desired.
I'm not sure what swings and roundabouts, if any, are required for more dynamic content to work.
Facebook
Twitter