AnonymousPasswordSync
The AnonymousPasswordSync property indicates whether IIS should handle the user password for anonymous users attempting to access resources. The following list details the behavior of this property:
- If AnonymousPasswordSync is set to false the administrator must manually set the AnonymousUserPass property to the anonymous user password, otherwise anonymous access will not function properly.
- If AnonymousPasswordSync is set to true, the anonymous user password is set by IIS.
- If AnonymousPasswordSync is set to true, and the value of the metabase property AllowAnonymous is set to false, no users will be permitted to log on to the FTP server.
- For anonymous password synchronization to work when the domain controller for the IIS server is running Windows 2000, you must have sub-authentication enabled. See "Enabling Sub-Authentication" in IIS Help, which is accessible from IIS Manager.
.gif)
Important Setting AnonymousPasswordSync on a server running IIS 6.0 has no effect unless you run your application under the System identity and enable sub-authentication. However, it is strongly recommended that you never run an application under the System identity because of the risk it poses to security. If your application contains a buffer-overrun, a malicious user can do anything they want under the guise of the System identity. Also, sub-authentication is not enabled by default on a new installation of IIS 6.0. (See "Enabling Sub-Authentication" in IIS Help, which is accessible from IIS Manager.) This new default behavior of IIS 6.0 might break old applications that use anonymous authentication.
| Attribute Name | Attribute Value |
|---|---|
| XML Data Type | Boolean |
| WMI Data Type |
Boolean
|
| ADSI Data Type | Boolean |
| ABO Data Type | Boolean |
| ABO Metabase identifier |
MD_ANONYMOUS_USE_SUBAUTH
|
| Attributes | INHERIT |
| Default Value | true |
| MetaFlagsEx | CACHE_PROPERTY_MODIFIED |
| User Type | IIS_MD_UT_FILE |
| StartingNumber | Not applicable |
| EndingNumber | 0 |
| ID | 6022 |
Configurable Locations
You can configure this property at the following locations in the IIS metabase.
| Metabase Path | IIS Admin Object Type |
|---|---|
| /LM/W3SVC/n/ROOT /LM/W3SVC/n/ROOT/virtual_directory_name |
IIsWebVirtualDir |
| /LM/W3SVC/n | IIsWebServer |
| /LM/MSFTPSVC/n | IIsFtpServer |
| /LM/W3SVC | IIsWebService |
| /LM/MSFTPSVC | IIsFtpService |
| /LM/W3SVC/n/ROOT/file_name /LM/W3SVC/n/ROOT/virtual_directory_name/file_name |
IIsWebFile |
| /LM/W3SVC/n/ROOT/physical_directory_name /LM/W3SVC/n/virtual_directory_name/physical_directory_name |
IIsWebDirectory |
| /LM/NNTPSVC | IIsNntpService |
| /LM/NNTPSVC/n | IIsNntpServer |
| /LM/SMTPSVC | IIsSmtpService |
| /LM/SMTPSVC/n | IIsSmtpServer |
Code Example
For general code examples, please see Code Examples to Configure Metabase Properties