Setting Up a Null Session for Cross-Domain Logging

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

Remotely logging files to a UNC share in a different domain requires configuring the remote share as a null session share. A null session connection is an unauthenticated connection. When IIS attempts to access a remote Microsoft Windows server resource, such as a file share, using a null session, the operation might fail if the file share is not configured as a null session share, or if there are any registry, group, or policy restrictions set on the server hosting the file share.


Using Registry Editor incorrectly can cause serious problems that require reinstalling the operating system. Because Registry Editor bypasses the standard safeguards that prevent you from entering settings that are conflicting or likely to degrade performance or damage your system, exercise caution when making changes to the registry. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. For information about how to edit the registry, see "Changing Keys and Values" in Registry Editor Help.


To enable null session access

  1. From the Start menu, click Run.

  2. In the Open box, type Regedit.exe, and click OK.

  3. Navigate to and double-click the following key in the registry:



    NullSessionShares is a REG_MULTI_SZ value.

  4. On a new line in the NullSessionShares key, type the name of the share that you want to access with a null session, for example, public.

  5. Navigate to and click the following key in the registry:


  6. From the Edit menu, point to Add, click DWORD Value and then add the following registry value:

    Name: RestrictAnonymous

    Type: REG_DWORD

    Data: 0

  7. Quit Registry Editor.

  8. Restart the server.

If the remote share does not allow your IIS server to write the log file to the designated share after restarting the server, you might need to adjust the Windows security groups and security policies on the remote machine to enable anonymous access.