IUSR - Anonymous Logon


Amin

Hi,

Microsoft Security for Windows 2003 Document suggests adding "Anonymous
Logon" to "Deny Access to this computer from network" for IIS Hardening. Is
this a correct setting for internet-facing web servers? Because I think
this setting will avoid internet users' access to the web server and just
authenticated users can access the web server. (IUSR is treated as Anonymous
Logon, right?)

Regards,
Amin.
 
Amin said:
Hi,

Microsoft Security for Windows 2003 Document suggests adding "Anonymous
Logon" to "Deny Access to this computer from network" for IIS Hardening. Is
this a correct setting for internet-facing web servers? Because I think
this setting will avoid internet users' access to the web server and just
authenticated users can access the web server. (IUSR is treated as Anonymous
Logon, right?)

Regards,
Amin.

"Anonymous Logon" refers to a connection where the user has not supplied any
user credentials. When a user accesses a web server, he/she is not
authenticated, BUT the IIS server will authenticate them as the
IUSR_machinename, which is a known local user account, and is not anonymous.

The "Anonymous Logon" could be users trying to access DCOM, RPC, LDAP etc. on
that computer and not supplying any user credentials.


Arild
 