IWAM and IUSR Accounts

N

nc

I'm fairly clueless as to why these accounts are needed. I see the
explanation in the account properties, but my question is, does every
server in the domain need to have one of these user accounts?
 
A

Ace Fekay [MVP]

In
nc said:
I'm fairly clueless as to why these accounts are needed. I see the
explanation in the account properties, but my question is, does every
server in the domain need to have one of these user accounts?
Click to expand...

They're default accounts for IIS functionality. Leave them, they won't hurt
a thing. :)

Ace
 
H

Herb Martin

nc said:
I'm fairly clueless as to why these accounts are needed. I see the
explanation in the account properties, but my question is, does every
server in the domain need to have one of these user accounts?
Click to expand...

These are the "anonymous" accounts for an IIS server. Usually
they are local to the SERVER where IIS runs unless you are running
IIS on a DC in which case the only place to create them is in the
domain database.

IUSR is used for "reading" content and IWAM for running processes
on the server -- this split it designed to increase security against
attacks.

You can delete the account from AD (or a server) IF you disable IIS
on a DC (or a server) OR you will never allow for anonymous access
to ANY content.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

CertOpenSystemStore and IUSR / IWAM accounts 4
Firefox Multi-Account Containers 1
IUSR and IWAM Permissions 3
IWAM/IUSR USERS 6
IWAM User 2
IIS problem with Old Server Name 2
Deleted Accounts(E-mail Exchange) HELP!!! 5
UserAccountControl Attribute 9

Top