+ Reply to Thread
Page 2 of 2 First 12
Results 26 to 48 of 48

Thread: Anonymous Logon

  1. Infrequent Poster Silver Bullet's Avatar
    Join Date
    Aug 2004
    Posts
    677

    Certifications
    A+, Network+, Server+, APS, MCP, MCSA:M 2003 MCSE 2003 MCTS(70-649), VCP3, VCP4, VCP5, TCSE, CCNA, DCUCSS, CCNP, CCIE
    #26
    Quote Originally Posted by Silver Bullet
    Quote Originally Posted by w^rl0rd
    If I have a folder w/ it's ACL allowing Anonymous Logon and someone plugged into my network having already locally authenticated locally, they could just type in the UNC path to this folder and access it w/o being prompted for domain credentials. Right?
    No....I just tested on my lab. Shared a folder on my Server and attempted to access it from another computer and was denied.

    Folder was shared as only having the Anonymous Logon Group with Full Control Share Permissions.
    HEHE.....quoting myself.

    Now on the other hand. I removed the Anonymous Logon group and added the everyone group and WINNER! WINNER! CHICKEN DINNER!
    I was then able to access it from another computer that IS NOT ON THE DOMAIN. But again, could not with only the Anonymous Logon group in the ACL.

    Quote Originally Posted by _omni_
    Now to get back to arguing a point that I'm completely theorising on but am sure I'm right:
    Quote:
    The top line reads:
    Anonymous authentication gives users access to the public areas of your Web or FTP site without prompting them for a user name or password. By default, the IUSR_computername account is used to allow anonymous access.

    I believe it is referring to the concept of anonymous access. Where, oh where can you see anything that says "The IUSR account then automatically becomes a member of the Anonymous Logon group..."?

    If you wanted real anonymous access, you would configure the website to grant the Anonymous Logon group access instead of the IUSR account. The fact that the IUSR account must authenticate with the system in order to be used makes it, well, AUTHENTICATED and therefore a member of the Authenticated Users and not the Anonymous Logons.

    icon_biggrin.gif
    Well......we need to tell Microsoft and Sybex then. In the back of my Sybex 70-290 book there is a definitions section. In that Definitions section is a definition of Anonymous Logon Groups and it says:
    Anonymous Logon Group A Windows Server 2003 special group that includes users who access the computer through anonymous logons. Anonymous logons occur when users gain access through special accounts, such as the IUSR_computername and TsInternetUser user accounts. Usually a password is not required, so that anyone can log on.
    Reply With Quote Quote  

  2. SS -->
  3. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #27
    Quote Originally Posted by Silver Bullet
    But again, could not with only the Anonymous Logon group in the ACL.
    In W2K3, anonymous group is no longer a member of the everyone group.
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Nov 2005
    Location
    UK
    Posts
    863

    Certifications
    MCSE 2003, MCSA:M, MCDST
    #28
    I stand firmly by my convictions!

    I'm gonna do a test now and prove you all wrong
    Reply With Quote Quote  

  5. Infrequent Poster Silver Bullet's Avatar
    Join Date
    Aug 2004
    Posts
    677

    Certifications
    A+, Network+, Server+, APS, MCP, MCSA:M 2003 MCSE 2003 MCTS(70-649), VCP3, VCP4, VCP5, TCSE, CCNA, DCUCSS, CCNP, CCIE
    #29
    Quote Originally Posted by sprkymrk
    And did you log in from a computer that was a member of a domain? Then you are not anon possibly, are you? (asking) In which case were there any other permissions applied to other groups?

    Try accessing the share through a net use \\servername\sharename u:"" ""

    (that's a u: no space, double quote no space double quote SPACE double quote no space double quote) - if I remember correctly....
    You are close on the command. Yes I can map the share through CLI but when I attempt to access it with Anonymous LOGON group Share/NTFS permissions....DENIED

    No.....the computer I am testing the access to the share is not on the domain.
    Reply With Quote Quote  

  6. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #30
    Quote Originally Posted by _omni_
    I believe it is referring to the concept of anonymous access. Where, oh where can you see anything that says "The IUSR account then automatically becomes a member of the Anonymous Logon group..."?
    Hey, didn't you read my post?

    Quote Originally Posted by sprkymrk
    When the Internet Information Server product is installed, Setup creates a user account on the server computer to be used for anonymous connections. The username of this account has the form IUSR_<computer_name>. For example, if the server computer name is WEB1, the username created will be IUSR_WEB1. The same anonymous-logon user account is set up for all Internet Information Server services installed on the computer. The account is made a member of the computer's Guest group. This will, in most cases, give anonymous client requests access to public content published on the server.
    Reply With Quote Quote  

  7. Infrequent Poster Silver Bullet's Avatar
    Join Date
    Aug 2004
    Posts
    677

    Certifications
    A+, Network+, Server+, APS, MCP, MCSA:M 2003 MCSE 2003 MCTS(70-649), VCP3, VCP4, VCP5, TCSE, CCNA, DCUCSS, CCNP, CCIE
    #31
    Quote Originally Posted by sprkymrk
    Quote Originally Posted by Silver Bullet
    But again, could not with only the Anonymous Logon group in the ACL.
    In W2K3, anonymous group is no longer a member of the everyone group.
    I know.....that is why I tested it that way
    Reply With Quote Quote  

  8. Infrequent Poster Silver Bullet's Avatar
    Join Date
    Aug 2004
    Posts
    677

    Certifications
    A+, Network+, Server+, APS, MCP, MCSA:M 2003 MCSE 2003 MCTS(70-649), VCP3, VCP4, VCP5, TCSE, CCNA, DCUCSS, CCNP, CCIE
    #32
    Quote Originally Posted by _omni_
    Quote Originally Posted by Silver Bullet
    Quote Originally Posted by w^rl0rd
    If I have a folder w/ it's ACL allowing Anonymous Logon and someone plugged into my network having already locally authenticated locally, they could just type in the UNC path to this folder and access it w/o being prompted for domain credentials. Right?
    No....I just tested on my lab. Shared a folder on my Server and attempted to access it from another computer and was denied.

    Folder was shared as only having the Anonymous Logon Group with Full Control Share Permissions.
    Perhaps a policy disables anonymous network access?
    No policy is restricting Anonymous Access.


    Wow w^rlord......you are getting some in depth investigation here.
    Reply With Quote Quote  

  9. Senior Member
    Join Date
    Nov 2005
    Location
    UK
    Posts
    863

    Certifications
    MCSE 2003, MCSA:M, MCDST
    #33
    Ok all ye doubters...well my experiment had some complications so i'm still working on it, but here's a question for you:

    1. Does the IUSR account need to authenticate with the system in order to be used?

    if yes,
    2a. Is it then a member of the Authenticated Users group?

    if no,
    2b. How then can it be used, how can it have permissions applied to it, etc?
    Reply With Quote Quote  

  10. Infrequent Poster Silver Bullet's Avatar
    Join Date
    Aug 2004
    Posts
    677

    Certifications
    A+, Network+, Server+, APS, MCP, MCSA:M 2003 MCSE 2003 MCTS(70-649), VCP3, VCP4, VCP5, TCSE, CCNA, DCUCSS, CCNP, CCIE
    #34
    Quote Originally Posted by _omni_
    Ok all ye doubters...well my experiment had some complications so i'm still working on it, but here's a question for you:

    1. Does the IUSR account need to authenticate with the system in order to be used?

    if yes,
    2a. Is it then a member of the Authenticated Users group?

    if no,
    2b. How then can it be used, how can it have permissions applied to it, etc?
    Here is another link for ya..... http://www.microsoft.com/technet/arc....mspx?mfr=true

    The topic is labeled Using the Anonymous Account:
    When IIS is first installed, a user account, called IUSR_computername, is created on the domain or in the local NT user database if the NT Server is a stand-alone server. Here, computername refers to the name of the NT Server. For example, the account created on our office network's primary domain controller was IUSR_KLSENT. This account was created when we initially installed IIS on the machine. In our network, this user account controls the level of access given to anonymous logons for all Microsoft Internet server applications.

    Note: The anonymous account in your environment will be different and will correspond to the computername for each server providing Web services on your network.

    Remember that the WWW server and the Web Proxy Server present authentication requests to the NT security layer as they would any normal user logon. If you have a password assigned to the anonymous account, be sure to indicate that password in the Anonymous Account field, or the WWW server and the Web Proxy Server will be unable to gain anonymous authentication when necessary. Normally, the anonymous account can have no password assigned to it because it doesn't have rights to normal network resources.

    By default, the presence of this account grants anonymous users access to the WWW service without needing any further configuration. However, this is not true with the Web Proxy and WinSock Proxy services. In order to grant anonymous access to the protocols supported by the Web Proxy or the WinSock Proxy, protocol permissions must be granted to the IUSR_computername account, just as permissions for any other network users are granted. This is covered in more detail later in this chapter.
    Reply With Quote Quote  

  11. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #35
    Quote Originally Posted by _omni_
    Ok all ye doubters...well my experiment had some complications so i'm still working on it, but here's a question for you:

    1. Does the IUSR account need to authenticate with the system in order to be used?

    if yes,
    2a. Is it then a member of the Authenticated Users group?

    if no,
    2b. How then can it be used, how can it have permissions applied to it, etc?
    Not sure of the MS answer, but off the top of my head (maybe that's why it hurts, why do I have stuff on top of it?):

    When I visit your web site, did I log in? No.
    Did I enter a password? No.
    Do you know who I am? No.
    Am I anonymous? Yes.

    The IIS service just uses the IUSR account for anonymous log ins. If you want someone to be authenticated, then by definition they must be able to prove they are who they say they are (that's from Sec+ by the way ). I never said who I was. I just typed in your website and you said "let him in".
    Reply With Quote Quote  

  12. Senior Member
    Join Date
    Nov 2005
    Location
    UK
    Posts
    863

    Certifications
    MCSE 2003, MCSA:M, MCDST
    #36
    Ha ok no one is falling for my trick question.
    When I visit your web site, did I log in? No.
    Did I enter a password? No.
    Do you know who I am? No.
    Am I anonymous? Yes.

    The IIS service just uses the IUSR account for anonymous log ins. If you want someone to be authenticated, then by definition they must be able to prove they are who they say they are (that's from Sec+ by the way icon_smile.gif ). I never said who I was. I just typed in your website and you said "let him in".
    Yes but while you are at my website, you are IUSR. In order for you to be able to use the IUSR account, it must be authenticated. If it is authenticated, it is a member of the Authenticated Users group. And anything that is a member of Authenticated Users CANNOT be a member of Anonymous Logons.

    So my point is, that while they may be anonymous to you, you don't know who they are and all that nice abstract stuff, they have essentially logged in with the IUSR account and so while you and the system don't know who the person is, you DO know who they logged on as, and that is the IUSR account.
    Again, the fact that they log on as IUSR means that the account must authenticate. The fact that the IUSR account must authenticate means that it is a member of the Authenticated Users group, and thus by definition cannot be a member of the Anonymous Logon group.

    Now i will hit the sack and see if the light has dawned by tomorrow.


    Open your mind...quit reading that MS stuff, it's confusing you... :P
    Reply With Quote Quote  

  13. Infrequent Poster Silver Bullet's Avatar
    Join Date
    Aug 2004
    Posts
    677

    Certifications
    A+, Network+, Server+, APS, MCP, MCSA:M 2003 MCSE 2003 MCTS(70-649), VCP3, VCP4, VCP5, TCSE, CCNA, DCUCSS, CCNP, CCIE
    #37
    I see your point but......
    Is the IUSR account being Authenticated? YES, it is being authenticated for an Anonymous User which makes it a member of the Anonymous LOGON Group.
    Reply With Quote Quote  

  14. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #38
    Quote Originally Posted by _omni_
    Ha ok no one is falling for my trick question.
    When I visit your web site, did I log in? No.
    Did I enter a password? No.
    Do you know who I am? No.
    Am I anonymous? Yes.

    The IIS service just uses the IUSR account for anonymous log ins. If you want someone to be authenticated, then by definition they must be able to prove they are who they say they are (that's from Sec+ by the way icon_smile.gif ). I never said who I was. I just typed in your website and you said "let him in".
    Yes but while you are at my website, you are IUSR. In order for you to be able to use the IUSR account, it must be authenticated. If it is authenticated, it is a member of the Authenticated Users group. And anything that is a member of Authenticated Users CANNOT be a member of Anonymous Logons.

    So my point is, that while they may be anonymous to you, you don't know who they are and all that nice abstract stuff, they have essentially logged in with the IUSR account and so while you and the system don't know who the person is, you DO know who they logged on as, and that is the IUSR account.
    Again, the fact that they log on as IUSR means that the account must authenticate. The fact that the IUSR account must authenticate means that it is a member of the Authenticated Users group, and thus by definition cannot be a member of the Anonymous Logon group.

    Now i will hit the sack and see if the light has dawned by tomorrow.


    Open your mind...quit reading that MS stuff, it's confusing you... :P
    I will agree with you on your last point only.

    The rest of your explanation sounds like grasping for straws.
    Come - join the dark side. Darth Gates is strong with the power of Windows! Bwahahahah!
    Reply With Quote Quote  

  15. Senior Member
    Join Date
    Nov 2005
    Location
    UK
    Posts
    863

    Certifications
    MCSE 2003, MCSA:M, MCDST
    #39
    NEVER! I shall fight to the death!

    READ:
    Quote Originally Posted by Microsoft
    Q: It is my understanding that the IUSR_<servername> account is a member of the Guests group by default. Consequently, how do I secure the IUSR_account, by applying NTFS permissions for Guests group?

    A: Securing the IUSR account is essential, so it is important to understand how the IUSR account is used and to what groups the IUSR account belongs. To help in this, you can use the W3Who.dll program provided in the Windows 2000 Resource Kit. This little jewel will report the username, rights, and the group membership of the user that calls it. To implement this utility, simply call it from a web browser. For example, create a folder in a web site, check that is has anonymous access enabled and that NTFS permissions allow the IUSR account the NTFS execute permission. In addition, mark the folder for Scripts and Executables in the IIS snap-in. Then browse the file in Internet Explorer (http://servername/foldername/w3who.dll).

    The resulting page will reveal a wealth of information about the IUSR account, as follows:

    Access Token

    • 'IISANSWERS\IUSR_IISANSWERS' S-1-5-21-790525478-1993962763-xxxxxxxxxxxxxxx
    • 'IISANSWERS\None' S-1-5-21-790525478-1993962763-xxxxxxxxxxxxxx
    • '\Everyone' S-1-1-0
    • 'BUILTIN\Guests' S-1-5-32-546
    • 'BUILTIN\Users' S-1-5-32-545
    • '\LOCAL' S-1-2-0
    • 'NT AUTHORITY\NETWORK' S-1-5-2
    • 'NT AUTHORITY\Authenticated Users' S-1-5-11
    • SeUndockPrivilege - Remove computer from docking station

    Here, you can clearly see that the IUSR account is a member of Guests, Users, Authenticated Users, the Network Group, and Everyone. Consequently, anonymous users may have access to any resource these groups are permitted to access.
    As you may or may not see, while it refers to them as anonymous users (lowercase), they are NOT a member of the Anonymous Logon group.

    As you can very well see from the above, the IUSR account IS a member of the Authenticated Users group.

    NOW READ THIS:
    Quote Originally Posted by MS
    The Authenticated Users group is similar to the "Everyone" group, except for one important difference: anonymous logon users (or NULL session connections) are never members of the Authenticated Users group.
    GOT IT?? From the first quote, we see that IUSR is a member of the Authenticated Users group, and in the second quote we see that Anonymous Logon users are NEVER members of the Authenticated Users group.
    It can only be one or the other, Authenticated or Anonymous.
    And as we can see, it IS a member of the Authenticated Users group (and did you notice that of the groups listed, Anonymous Logon isn't there?) and therefore CANNOT POSSIBLE be a member of the Anonymous Logon group!



    READ: link
    IUSR_[servername] is a validated login that is used in order to allow
    internet users connecting via IIS access to webpages you have decided should
    be open to the public.

    Its not the same as an anonymous connection at all.
    Reply With Quote Quote  

  16. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #40
    Quote Originally Posted by _omni_
    NEVER! I shall fight to the death!

    READ:
    Quote Originally Posted by Microsoft
    Q: It is my understanding that the IUSR_<servername> account is a member of the Guests group by default. Consequently, how do I secure the IUSR_account, by applying NTFS permissions for Guests group?

    A: Securing the IUSR account is essential, so it is important to understand how the IUSR account is used and to what groups the IUSR account belongs. To help in this, you can use the W3Who.dll program provided in the Windows 2000 Resource Kit. This little jewel will report the username, rights, and the group membership of the user that calls it. To implement this utility, simply call it from a web browser. For example, create a folder in a web site, check that is has anonymous access enabled and that NTFS permissions allow the IUSR account the NTFS execute permission. In addition, mark the folder for Scripts and Executables in the IIS snap-in. Then browse the file in Internet Explorer (http://servername/foldername/w3who.dll).

    The resulting page will reveal a wealth of information about the IUSR account, as follows:

    Access Token

    • 'IISANSWERS\IUSR_IISANSWERS' S-1-5-21-790525478-1993962763-xxxxxxxxxxxxxxx
    • 'IISANSWERS\None' S-1-5-21-790525478-1993962763-xxxxxxxxxxxxxx
    • '\Everyone' S-1-1-0
    • 'BUILTIN\Guests' S-1-5-32-546
    • 'BUILTIN\Users' S-1-5-32-545
    • '\LOCAL' S-1-2-0
    • 'NT AUTHORITY\NETWORK' S-1-5-2
    • 'NT AUTHORITY\Authenticated Users' S-1-5-11
    • SeUndockPrivilege - Remove computer from docking station

    Here, you can clearly see that the IUSR account is a member of Guests, Users, Authenticated Users, the Network Group, and Everyone. Consequently, anonymous users may have access to any resource these groups are permitted to access.
    As you may or may not see, while it refers to them as anonymous users (lowercase), they are NOT a member of the Anonymous Logon group.

    As you can very well see from the above, the IUSR account IS a member of the Authenticated Users group.

    NOW READ THIS:
    Quote Originally Posted by MS
    The Authenticated Users group is similar to the "Everyone" group, except for one important difference: anonymous logon users (or NULL session connections) are never members of the Authenticated Users group.
    GOT IT?? From the first quote, we see that IUSR is a member of the Authenticated Users group, and in the second quote we see that Anonymous Logon users are NEVER members of the Authenticated Users group.
    It can only be one or the other, Authenticated or Anonymous.
    And as we can see, it IS a member of the Authenticated Users group (and did you notice that of the groups listed, Anonymous Logon isn't there?) and therefore CANNOT POSSIBLE be a member of the Anonymous Logon group!



    READ: link
    IUSR_[servername] is a validated login that is used in order to allow
    internet users connecting via IIS access to webpages you have decided should
    be open to the public.

    Its not the same as an anonymous connection at all.
    Hi _omni_:
    what are you, some kind of research freak?
    Can you provide the source for your first MS quote? I am curious whether that is a "Default" setup or rather an example that had been changed from defaults in order to demonstrate the w3who.dll utility.

    Also, I wouldn't necessarily call the second quote (with the link you provided) as authoritative.

    I'm not saying you're wrong, but I am also not entirely convinced you're right yet based on all the other information I have seen so far. It's been a great and educational thread so far, eh?

    At any rate, I realize we have strayed from the original question posted by w^orld. I think we bored him to death, since he seems to have left this thread for greener pastures!
    Have a good one, everyone!
    Reply With Quote Quote  

  17. Senior Member
    Join Date
    Nov 2005
    Location
    UK
    Posts
    863

    Certifications
    MCSE 2003, MCSA:M, MCDST
    #41
    1. http://www.microsoft.com/technet/com.../iisi1201.mspx
    2. http://support.microsoft.com/?kbid=143474
    3. True, it isn't "authoritative". However I am simply finding quotes/articles to back me up. Like this.

    ALSO:
    The IUSR account is a member of the Everyone & Authenticated Users groups. The IUSR account has the Access this computer from the network and Log on locally User Rights. So, specifically deny access for the IUSR account on everything, then grant the IUSR account access only where needed.
    http://searchwindowssecurity.techtar...997908,00.html
    Authenticated Users includes the IUSR anonymous Web user account but omits null connections and users who are members of the Guests group only.
    http://www.windowsitpro.com/Web/Arti...934/25934.html
    Also take a look at your IUSR account, see what it is a member of. By default it will be a member of Guests and Domain Users.
    IF it is a member of Domain Users, it MUST be authenticated. IF it is authenticated, it is automatically a member of the Authenticated Users group. And no member of the Authenticated Users group can possibly be a member of Anonymous Logon.
    Reply With Quote Quote  

  18. Senior Member
    Join Date
    Nov 2005
    Location
    UK
    Posts
    863

    Certifications
    MCSE 2003, MCSA:M, MCDST
    #42
    Ok I got some help from another board (I'm insistent, aren't I!). Here's a link (tx d-Factor) from Microsoft Technet Mag, read it and weep!

    Just like any user, the IUSR account has some group memberships. Giving permissions to any of these groups gives the IUSR account access to the content. The default memberships are: Everyone, Users, Guests, Authenticated Users, Network, Domain Users (if IIS is on a domain controller), and Web Anonymous Users (if the IIS portion of the Security Configuration Wizard has been run).
    http://www.microsoft.com/technet/tec...b/default.aspx
    Microsoft themselves say that IUSR is by default a member of Authenticated Users (and you can see for yourselves if you have that w3who.dll).

    With that in mind, I will quote this for the Nth time:
    The Authenticated Users group is similar to the "Everyone" group, except for one important difference: anonymous logon users (or NULL session connections) are never members of the Authenticated Users group.
    http://support.microsoft.com/?kbid=143474
    As it plainly says, Anonymous Logon users are NEVER members of the Authenticated Users.
    Since, as the first quote shows, IUSR is by default a member of the Authenticated Users, it can NEVER be a member of Anonymous Logon group.




    I await the humblest and most sincere apologies, as well as recognition as the one true saviour (of the thread, anyhow ).
    Reply With Quote Quote  

  19. Infrequent Poster Silver Bullet's Avatar
    Join Date
    Aug 2004
    Posts
    677

    Certifications
    A+, Network+, Server+, APS, MCP, MCSA:M 2003 MCSE 2003 MCTS(70-649), VCP3, VCP4, VCP5, TCSE, CCNA, DCUCSS, CCNP, CCIE
    #43
    http://technet2.microsoft.com/Window...60b9f1033.mspx


    I think this is a situation where you are not seeing the forest for the trees.

    Quote Originally Posted by _omni_
    I await the humblest and most sincere apologies, as well as recognition as the one true saviour (of the thread, anyhow icon_biggrin.gif
    Never Muah hahahahha
    Reply With Quote Quote  

  20. Senior Member
    Join Date
    Nov 2005
    Location
    UK
    Posts
    863

    Certifications
    MCSE 2003, MCSA:M, MCDST
    #44
    I can't believe that you don't get it!

    Anonymous access isn't the same as Anonymous Logon.
    Yes, you are allowing anonymous access IN THE SENSE that they can "log on" without entering usename and pass.
    BUT the big difference is that you already have an account configured for them to use. That account will be authenticated, which will...read my above posts.

    Also, notice that in your link the only time is says Anonymous Logon is:

    1. In lowercase (therefore not referring to the group, which would be capitalised)
    2. In quotation marks. That in no way implies the group.



    It's as simple as this:

    Can an account that is a member of Domain Users also be a member of Anonymous Logon?

    NO!

    Now go check your IUSR account, see who it is a member of.


    DONE!




















    yay...
    Reply With Quote Quote  

  21. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #45
    Okay, okay okay _omni_... I guess technically you're ri... righ.... right. There, I said it. :P

    What I seem to gather from all this is that the IUSR is anonymous in the sense that we don't know who he is. However, the vast wisdom of MS has determined that this particular user, while anonymous, is NOT a member of the group "Anonymous Logon". Go figure. IUSR=Anonymous, just not Anonymous Logon.

    What was the original question?

    I don't know about you Silver Bullet, but I'm gonna have to give this round to _omni_. He out-googled me.
    Reply With Quote Quote  

  22. Senior Member
    Join Date
    Nov 2005
    Location
    UK
    Posts
    863

    Certifications
    MCSE 2003, MCSA:M, MCDST
    #46
    Reply With Quote Quote  

  23. Senior Member
    Join Date
    Jan 2003
    Location
    Orange County, CA.
    Posts
    337

    Certifications
    A+, Network+, MCP - Windows XP, MCSA - Windows Server 2003, MCTS - Exchange Server 2007
    #47
    Thanks everyone. When someone can figure out how to access an NTFS folder (not a web page ) with an "Anonymous Logon," I'd love to hear it. Thanks.
    Reply With Quote Quote  

  24. Infrequent Poster Silver Bullet's Avatar
    Join Date
    Aug 2004
    Posts
    677

    Certifications
    A+, Network+, Server+, APS, MCP, MCSA:M 2003 MCSE 2003 MCTS(70-649), VCP3, VCP4, VCP5, TCSE, CCNA, DCUCSS, CCNP, CCIE
    #48
    Quote Originally Posted by w^rl0rd
    Thanks everyone. When someone can figure out how to access an NTFS folder (not a web page ) with an "Anonymous Logon," I'd love to hear it. Thanks.
    Here....try this w^rlord. I haven't tested myself but it looks like a good starting point.
    http://technet2.microsoft.com/Window....mspx?mfr=true
    Reply With Quote Quote  

+ Reply to Thread
Page 2 of 2 First 12

Social Networking & Bookmarks