Today I faced a very interesting problem: How to set back a site, in Windows 2003, to anonymous access once its password has been accidentally changed in the Directory Security?

Besides the very intriguing fact of "How could someone do that?!", it's equally fascinating that just clicking "Enable anonymous access" and leaving the password field empty won't bring your site back. Neither using "guest" nor "anonymous".

What's going on here is that some Windows account passwords are set automatically and are never known. Once you have them out of sync you have a "Oh, man!" kind of big problem since your customer is calling all the time asking: "Why my password is asking for user and password?! WHY WHY WHY?!".

Fixing this is easy but a little tricky. Here are the steps:

1 -- Open C:InetpubAdminScriptsadsutil.vbs and search for the function IsSecureProperty. It should be something like:

Function IsSecureProperty(ObjectParameter,MachineName)

    On Error Resume Next
    Dim PropObj,Attribute
    Set PropObj = GetObject("IIS://" & MachineName & "/schema/" & ObjectParameter)
    If (Err.Number <> 0) Then
        ReportError ()
        WScript.Echo "Error trying to get the property: " & err.number
        WScript.Quit (Err.Number)
    End If
    Attribute = PropObj.Secure
    If (Attribute = True) Then
        IsSecureProperty = True
    Else
        IsSecureProperty = False
    End If

End Function

2 -- Edit it TEMPORARILY to always return false:

Function IsSecureProperty(ObjectParameter,MachineName)

    ' On Error Resume Next
    ' Dim PropObj,Attribute
    ' Set PropObj = GetObject("IIS://" & MachineName & "/schema/" & ObjectParameter)
    ' If (Err.Number <> 0) Then
        ' ReportError ()
        ' WScript.Echo "Error trying to get the property: " & err.number
        ' WScript.Quit (Err.Number)
    ' End If
    ' Attribute = PropObj.Secure
    ' If (Attribute = True) Then
        ' IsSecureProperty = True
    ' Else
        ' IsSecureProperty = False
    ' End If
    IsSecureProperty = False

End Function

3 -- Now your are ready to retrieve the built-in anonymous password by using the following command:

cscript adsutil.vbs get w3svc/anonymoususerpass

4 -- or the IWAN password by using:

cscript adsutil.vbs get w3svc/wamuserpass

5 -- Remove the adsutil.vbs modifications and set the password in the Directory Security.

Note: If instead of using get to retrieve the built-in password, you think it's better to set a new password, you may use the set command and after that you should run cscript synciwam.vbs -v to sync up the new password in all the services.

That's it! And... yeah, the blog is not dead xD