IWAM account recreated on restart

[homer]

re: Microsoft Knowledge Base Article - 822165
an IWAM account is being created with a computer name
that no longer applies (old name, changed to a different
name after setup). can not delete! have disabled. am
experiencing some security issues with anon access to
virtual directories in iis 5.1. is disable enough, or is
there a way to permanently remove the IWAM for the
computer name that no longer exists?

 

[Steven Umbach]

You might have better luck posting in an IIS newsgroup. However, that may not be
the account that is allowing anonymous access but the IUSR_machinename account
or what ever account that is configured for anonymous access. You also can
disable anonymous access for those virtual directories in directory security
keeping in mind that basic authentication will allow passwords to be in clear
text. I suggest that you also run the IIS lockdown tool on your server after
doing a backup of at least the System State. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;323640
http://support.microsoft.com/default.aspx?scid=kb;en-us;325864

 

[Roger Abell [MVP]]

I suspect that something else is recreating the account,
or you are misreading the account being readded to some
User Rights as it being recreated. IIS creates the IUSR_
and IWAM_ accounts only during IIS installation.
Not repeatedly. The account will be readded to some
User Rights if you remove it from them however.

Changing the name of the machine will not cause IIS
to change the names of its two accounts that are used
for unauthenticated accesses.

So, if it is actually gone and then recreated, you have some
non-MS software doing this.