Today I faced a very interesting problem: How to set back a site, in Windows 2003, to anonymous access once its password has been accidentally changed in the Directory Security?
Besides the very intriguing fact of "How could someone do that?!", it's equally fascinating that just clicking "Enable anonymous access" and leaving the password field empty won't bring your site back. Neither using "guest" nor "anonymous".
What's going on here is that some Windows account passwords are set automatically and are never known. Once you have them out of sync you have a "Oh, man!" kind of big problem since your customer is calling all the time asking: "Why my password is asking for user and password?! WHY WHY WHY?!".
Fixing this is easy but a little tricky. Here are the steps:
1 -- Open C:InetpubAdminScriptsadsutil.vbs
and search for the function IsSecureProperty
. It should be something like:
On Error Resume Next
Dim PropObj,Attribute
Set PropObj = GetObject("IIS://" & MachineName & "/schema/" & ObjectParameter)
If (Err.Number <> 0) Then
ReportError ()
WScript.Echo "Error trying to get the property: " & err.number
WScript.Quit (Err.Number)
End If
Attribute = PropObj.Secure
If (Attribute = True) Then
IsSecureProperty = True
Else
IsSecureProperty = False
End If
End Function
2 -- Edit it TEMPORARILY to always return false
:
' On Error Resume Next
' Dim PropObj,Attribute
' Set PropObj = GetObject("IIS://" & MachineName & "/schema/" & ObjectParameter)
' If (Err.Number <> 0) Then
' ReportError ()
' WScript.Echo "Error trying to get the property: " & err.number
' WScript.Quit (Err.Number)
' End If
' Attribute = PropObj.Secure
' If (Attribute = True) Then
' IsSecureProperty = True
' Else
' IsSecureProperty = False
' End If
IsSecureProperty = False
End Function
3 -- Now your are ready to retrieve the built-in anonymous password by using the following command:
4 -- or the IWAN password by using:
5 -- Remove the adsutil.vbs modifications and set the password in the Directory Security.
Note: If instead of using get to retrieve the built-in password, you think it's better to set a new password, you may use the
set
command and after that you should runcscript synciwam.vbs -v
to sync up the new password in all the services.
That's it! And... yeah, the blog is not dead xD