Share via

Configuring Integrated Windows Authentication in IIS 6.0

Applies To: Windows Server 2003 R2, Windows Server 2003 with SP1

Integrated Windows authentication was formerly called NTLM. This authentication method sends a hash of the user name and password across the network.

Integrated Windows authentication is disabled by default if you install Windows Server 2003 Service Pack 1 (SP1) as part of a slipstream installation of a Windows Server 2003 operating system. If you install Windows Server 2003 SP1 by itself as an upgrade to a Windows Server 2003 operating system, the setting for Integrated Windows authentication is unchanged from its Windows Server 2003 setting. Integrated Windows authentication is enabled by default for Windows Server 2003 operating systems.


You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /user:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".


To configure Integrated Windows authentication

  1. In IIS Manager, double-click the local computer; right-click the Web Sites folder, an individual Web site folder, a virtual directory, or a file; and then click Properties.


    Configuration settings made at the Web Sites level are inherited by all of the Web sites on the server. You can override inheritance by configuring the individual site or site element.

  2. Click the Directory Security or File Security tab, and then, in the Authentication and access control section, click Edit.

  3. In the Authenticated access section, select the Windows Integrated Authentication check box.

  4. Click OK twice.