When a client accesses a web site using anonymous authentication, IIS uses a preconfigured account to access the corresponding files on disk. In IIS 5.0 / 6.0 we used a local account called IUSR_machinename for anonymous authentication. With IIS 7.0 we moved to a generic built-in account called IUSR, which is not machine dependent.
But in IIS 7.0 you also have the option to use the application pool identity as the anonymous user identity.
In IIS 6.0, if you wanted to use the application pool identity for anonymous access, you had to configure it manually under the Authentication Settings. This meant the username and password were saved in multiple locations: whenever you had to change the password, you had to reset it in the application pool settings and then again in the authentication settings.
With IIS 7.0 you just have to configure the user identity in the application pool settings and then, in the properties of the Anonymous Authentication module, select the Application pool identity option.
Would you recommend changing the login for the application from the default NetworkService to IUSR?
Is there any difference if you use the default NetworkService vs IUSR?
And then in the properties of the Anonymous Authentication module select the Application pool identity option?
How do you do this via the command line for any specific site or virtual directory?
Same question as Mozleron... Can anyone tell us how you can configure this from the command line?
You can configure this via the command line by setting both the username and password to "".
In PowerShell you'd do it like this:
Set-WebConfigurationProperty -Filter /system.WebServer/security/authentication/AnonymousAuthentication -Name userName -value "" -Location $site.name
Set-WebConfigurationProperty -Filter /system.WebServer/security/authentication/AnonymousAuthentication -Name password -value "" -Location $site.name
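To check which account anonymous requests actually run as on each site, and to switch one site to its application pool identity as described above, here is an added example (not code from the original post or its commenters). It assumes the WebAdministration module, PowerShell 3.0 or later and an elevated prompt; the function names and the sample site name are hypothetical.

```powershell
# Added example: audit and set the anonymous-authentication identity per site.
Import-Module WebAdministration

# Section path as it is spelled in applicationHost.config.
$filter = '/system.webServer/security/authentication/anonymousAuthentication'

# Report, for every site, the anonymous user and the identity of its application pool.
function Get-AnonymousIdentityReport {
    foreach ($site in Get-ChildItem 'IIS:\Sites') {
        $anon = Get-WebConfiguration -PSPath 'IIS:\' -Location $site.Name -Filter $filter
        $pool = Get-Item "IIS:\AppPools\$($site.applicationPool)"

        # An empty userName means anonymous requests use the application pool identity.
        $anonUser = $anon.userName
        if ([string]::IsNullOrEmpty($anonUser)) {
            $anonUser = '(application pool identity)'
        }

        [pscustomobject]@{
            Site             = $site.Name
            AnonymousEnabled = $anon.enabled
            AnonymousUser    = $anonUser
            AppPool          = $pool.Name
            PoolIdentityType = $pool.processModel.identityType
            PoolUser         = $pool.processModel.userName
        }
    }
}

# Clear userName and password so the named site falls back to its pool identity.
function Set-AnonymousToPoolIdentity {
    param([Parameter(Mandatory = $true)][string]$SiteName)

    foreach ($name in 'userName', 'password') {
        Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $SiteName `
            -Filter $filter -Name $name -Value ''
    }
}

# Sample site name (assumption); replace with a site that exists on the server.
$targetSite = 'Default Web Site'
Set-AnonymousToPoolIdentity -SiteName $targetSite
Get-AnonymousIdentityReport | Format-Table -AutoSize
```

After the change, the pool identity itself needs read access to the site's content on disk, since IUSR is no longer the account touching the files.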