Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
Subauthentication enables IIS to manage passwords on anonymous accounts. In earlier versions of IIS, the subauthentication component, Iissuba.dll, was enabled by default.
Because using Iissuba.dll can create a security risk, IIS 6.0 does not enable subauthentication by default. However, you can use subauthentication to manage passwords for anonymous accounts by meeting the following requirements:
For applications to which you grant anonymous access, the worker process runs as LocalSystem. For more information about configuring worker process identities, see Configuring Worker Process Identities.
The subauthentication component, Iissuba.dll, is registered.
The AnonymousPasswordSync metabase property on the IISWebService node is enabled (set to true).
The process for configuring subauthentication differs depending on whether you are configuring it on a new installation of IIS 6.0 or after upgrading to IIS 6.0 from an earlier installation of IIS with subauthentication enabled.
This section includes the following information:
Configuring Subauthentication on a New Installation of IIS 6.0: Describes how to configure subauthentication on a new installation of IIS 6.0.
Configuring Subauthentication in IIS 5.0 Isolation Mode: Describes how to configure subauthentication on a new installation of IIS 6.0 that is configured to run in IIS 5.0 isolation mode.
Configuring Subauthentication After Upgrading to IIS 6.0: Describes how to configure subauthentication after upgrading your server to IIS 6.0 from an earlier version of IIS that uses subauthentication.