Event Viewer Does Not Show IUSR_machinename Account Logon (188903)
The information in this article applies to:
- Microsoft Internet Information Server 4.0
This article was previously published under Q188903 We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site: SYMPTOMS
When troubleshooting Internet Information Server (IIS) permission
problems, it is often useful to turn on Windows NT auditing for successful
and failed logon/logoff events, as suggested by the following article in
the Microsoft Knowledge Base:
185874
: How to Troubleshoot Permissions in IIS 4.0
However, sometimes you may not see the IUSR_machinename account being
logged on to the system when using anonymous access.
CAUSE
This is a result of the account used for anonymous access being cached by
IIS for a short period. If the account is re-used before this period has
elapsed, the account is not logged on again, but instead the cached token
is used and no event is shown in the event viewer.
WORKAROUND
To record each time the IUSR_machinename account is logged on and off, you
can disable the IIS caching of the anonymous user account by setting the
PasswordCacheTTL ASO property to zero.
The following sample code can be called from Visual Basic, ASP, and
Windows Script Host with minimal changes in each environment and will
affect all Web server instances:
Dim oServer
Set oServer = GetObject("IIS://LocalHost/W3SVC")
oServer.PasswordCacheTTL = 0
oServer.SetInfo
Set oServer = Nothing
Please note: There is a performance tradeoff while doing this. The
procedure should be restricted to development and debugging only.
| Modification Type: | Minor | Last Reviewed: | 6/23/2005 |
|---|
| Keywords: | kbprb KB188903 |
|---|
|