AnonymousPasswordSync
The AnonymousPasswordSync property indicates whether IIS should handle the user password for anonymous users attempting to access resources. The following list details the behavior of this property:
- If AnonymousPasswordSync is set to false the administrator must manually set the AnonymousUserPass property to the anonymous user password, otherwise anonymous access will not function properly.
- If AnonymousPasswordSync is set to true, the anonymous user password is set by IIS.
- If AnonymousPasswordSync is set to true, and the value of the metabase property AllowAnonymous is set to false, no users will be permitted to log on to the FTP server.
- For anonymous password synchronization to work when the domain controller for the IIS server is running Windows 2000, you must have sub-authentication enabled. See "Enabling Sub-Authentication" in IIS Help, which is accessible from IIS Manager.
Important Setting AnonymousPasswordSync on a server running IIS 6.0 has no effect unless you run your application under the System identity and enable sub-authentication. However, it is strongly recommended that you never run an application under the System identity because of the risk it poses to security. If your application contains a buffer-overrun, a malicious user can do anything they want under the guise of the System identity. Also, sub-authentication is not enabled by default on a new installation of IIS 6.0. (See "Enabling Sub-Authentication" in IIS Help, which is accessible from IIS Manager.) This new default behavior of IIS 6.0 might break old applications that use anonymous authentication.
Attribute Name | Attribute Value |
---|---|
XML Data Type | Boolean |
WMI Data Type |
Boolean
|
ADSI Data Type | Boolean |
ABO Data Type | Boolean |
ABO Metabase identifier |
MD_ANONYMOUS_USE_SUBAUTH
|
Attributes | INHERIT |
Default Value | true |
MetaFlagsEx | CACHE_PROPERTY_MODIFIED |
User Type | IIS_MD_UT_FILE |
StartingNumber | Not applicable |
EndingNumber | 0 |
ID | 6022 |
Configurable Locations
You can configure this property at the following locations in the IIS metabase.
Metabase Path | IIS Admin Object Type |
---|---|
/LM/W3SVC/n/ROOT /LM/W3SVC/n/ROOT/virtual_directory_name |
IIsWebVirtualDir |
/LM/W3SVC/n | IIsWebServer |
/LM/MSFTPSVC/n | IIsFtpServer |
/LM/W3SVC | IIsWebService |
/LM/MSFTPSVC | IIsFtpService |
/LM/W3SVC/n/ROOT/file_name /LM/W3SVC/n/ROOT/virtual_directory_name/file_name |
IIsWebFile |
/LM/W3SVC/n/ROOT/physical_directory_name /LM/W3SVC/n/virtual_directory_name/physical_directory_name |
IIsWebDirectory |
/LM/NNTPSVC | IIsNntpService |
/LM/NNTPSVC/n | IIsNntpServer |
/LM/SMTPSVC | IIsSmtpService |
/LM/SMTPSVC/n | IIsSmtpServer |
Code Example
For general code examples, please see Code Examples to Configure Metabase Properties