IWAM and IUSR Accounts

  • Thread starter Thread starter nc
  • Start date Start date
N

nc

I'm fairly clueless as to why these accounts are needed. I see the
explanation in the account properties, but my question is, does every
server in the domain need to have one of these user accounts?
 
In
nc said:
I'm fairly clueless as to why these accounts are needed. I see the
explanation in the account properties, but my question is, does every
server in the domain need to have one of these user accounts?
Click to expand...

They're default accounts for IIS functionality. Leave them, they won't hurt
a thing. :-)

Ace
 
nc said:
I'm fairly clueless as to why these accounts are needed. I see the
explanation in the account properties, but my question is, does every
server in the domain need to have one of these user accounts?
Click to expand...

These are the "anonymous" accounts for an IIS server. Usually
they are local to the SERVER where IIS runs unless you are running
IIS on a DC in which case the only place to create them is in the
domain database.

IUSR is used for "reading" content and IWAM for running processes
on the server -- this split it designed to increase security against
attacks.

You can delete the account from AD (or a server) IF you disable IIS
on a DC (or a server) OR you will never allow for anonymous access
to ANY content.
 
Back
Top