Any User Can Log on to FTP Server with Disabled Anonymous Logon (164507)



The information in this article applies to:

  • Microsoft Windows NT Workstation 4.0
  • Microsoft Windows NT Server 4.0

This article was previously published under Q164507

SYMPTOMS

A Windows NT 4.0 FTP server can be accessed by any user when the anonymous logon is disabled.

CAUSE

The profile name, IUSR_COMPUTERNAME, does not require a password.

RESOLUTION

There are 2 resolutions to this issue:
  1. Set up the user, IUSR_COMPUTERNAME, with a password in User Manager for Domains.

    Because an anonymous logon is not allowed, putting a password on this account will not affect anything but an anonymous logon. This user account is set up specifically for Internet Server Anonymous Logon.

    NOTE: If you change the password for this account in User Manager for Domains AND you have a World Wide Web Server on the same computer, you will need to run Internet Service Manager. Double-click the WWW service, and change the Anonymous Logon Password for the IUSR_COMPUTERNAME user to what you changed it to in User Manager for Domains. This way, users that connect to your WWW Server anonymously can get access to the page.

    -or-
  2. Apply the hotfix mentioned in this article.

STATUS

Microsoft has confirmed this to be a problem in Windows NT version 4.0. This problem was corrected in the latest Microsoft Windows NT 4.0 U.S. Service Pack. For information on obtaining the service pack, query on the following word in the Microsoft Knowledge Base (without the spaces):

S E R V P A C K


Modification Type:MajorLast Reviewed:8/8/2001
Keywords:kbbug kbnetwork kbusage KB164507