Article ID: 188903
This article was previously published under Q188903
This article has been archived. It is offered "as is" and will no longer be updated.
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
When troubleshooting Internet Information Server (IIS) permission problems, it is often useful to turn on Windows NT auditing for successful and failed logon/logoff events, as suggested by the following article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/185874/EN-US/ ): How to Troubleshoot Permissions in IIS 4.0
However, sometimes you may not see the IUSR_machinename account being logged on to the system when using anonymous access.
This is a result of the account used for anonymous access being cached by IIS for a short period. If the account is re-used before this period has elapsed, the account is not logged on again, but instead the cached token is used and no event is shown in the event viewer.
To record each time the IUSR_machinename account is logged on and off, you can disable the IIS caching of the anonymous user account by setting the PasswordCacheTTL ASO property to zero.
The following sample code can be called from Visual Basic, ASP, and Windows Script Host with minimal changes in each environment and will affect all Web server instances:
Please note: There is a performance tradeoff while doing this. The procedure should be restricted to development and debugging only.