IIS on a Domain Controller

  • Thread starter Thread starter Joe Banks
  • Start date Start date
J

Joe Banks

We have a remote location that we need to run a web based application on
but we would also like to make it into a DC. Here is the problem... when
we promoted the box to a DC; the IUSR and IWAM accounts no longer exist. I
uninstalled and re-installed IIS but it seems to still look for a local
IUSR and IWAM. Once I demote the machine and re-installed IIS everything
works. How can I run IIS on a DC? I have looked in the knowledge base but
I really couldn't find anything.

Any help would be appreciated.

Thanks!
 
It's not a fantastic idea to run IIS on a DC, but if you have to, you can
set your websites to run under any account you like. It'd have to be a
domain account, obviously, since there will be no local accounts.

Go into the IIS manager, pull up the properties of your site, and click the
top Edit button on the directory security tab to change the user account
used for anonymous access for that site.

Ray at home
 
That is odd, I have always seen it there in Active Directory Users and Computer.
However on a domain controller, that account has excessive rights since it is a
member of the domain users group, therefore it would be better to create a different
account and make it a member of just the guests group and in account properties
select user can not change password and password never expires and then disabling the
original Iusr_ account if it is there. IIS runs fine on a dc, but it does create a
security risk when the dc is exposed to the internet. Be sure to configure your
firewall to only accept traffic from trusted locations if possible and run IIS
Lockdown tool [backing up settings first] on the dc before you expose IIS service to
the internet. See links below for more information including how to define directory
security for IIS and hazards of using certain methods such as basic and digest. ---
Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;308160
http://www.microsoft.com/windows2000/downloads/recommended/iislockdown/default.asp
 
Back
Top