Configuring Subauthentication

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

Subauthentication enables IIS to manage passwords on anonymous accounts. In earlier versions of IIS, the subauthentication component, Iissuba.dll, was enabled by default.

Because using Iissuba.dll can create a security risk, IIS 6.0 does not enable subauthentication by default. However, you can use subauthentication to manage passwords for anonymous accounts by meeting the following requirements:

  • For applications to which you grant anonymous access, the worker process runs as LocalSystem. For more information about configuring worker process identities, see Configuring Worker Process Identities.

  • The subauthentication component, Iissuba.dll, is registered.

  • The AnonymousPasswordSync metabase property on the IISWebService node is enabled (set to true).

The process for configuring subauthentication differs depending on whether you are configuring it on a new installation of IIS 6.0 or after upgrading to IIS 6.0 from an earlier installation of IIS with subauthentication enabled.

This section includes the following information: