Configuring Subauthentication in IIS 5.0 Isolation Mode

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

When you perform a new installation of IIS 6.0 and then configure the server to run in IIS 5.0 isolation mode, the worker process that is assigned to in-process applications will run as LocalSystem by default. However, for subauthentication to work properly, you must still register Iissuba.dll and configure the AnonymousPasswordSync Metabase Property.

Important

You must be a member of the Administrators group on the local computer to run scripts and executables. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run your script or executable as an administrator. At a command prompt, type runas /profile /User:MyComputer</STRONG>Administrator cmd to open a command window with administrator rights and then type cscript.exe ScriptName (include the script's full path and any parameters).

Procedures

To configure subauthentication after a new installation and after switching to IIS 5.0 isolation mode

1. Register Iissuba.dll by opening a command prompt and then typing the following:

   rundll32 %windir%\system32\iissuba.dll,RegisterIISSUBA

2. At the IisWebService node, set the AnonymousPasswordSync metabase property to true.

Related Information

• For information about configuring subauthentication on a new installation of IIS 6.0, see Configuring Subauthentication on a New Installation of IIS 6.0.

• For information about configuring subauthentication after upgrading your server to IIS 6.0 from an earlier version of IIS that uses subauthentication, see Configuring Subauthentication After Upgrading to IIS 6.0.