Sophos PureMessage & IIS
If the machine is a member server then that account will not existing in AD, it will be a local account. IUSR only goes in to AD if IIS is installed on a domain controller. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.
November 12th, 2011 5:25pm
I'm not sure where the best place is to ask this. I've had some problems with Sophos PureMessage, which is an anti-spam/anti-virus app which I have on my Exchange 2010 server (all roles on one server). The anti-spam part of it has a web based console where users can see their spam, except some users are getting prompted for login credentials. I'm going through it with Sophos Support who are asking why the IUSR user for IIS doesn't seem to exist on the server. I have checked that anonymous access is allowed on the server and although the IUSR user is listed as the user for anonymous access, I can't find an IUSR user for that server in Active Directory. Some users have no problems with this web console; some users do.Tim Gowen
November 13th, 2011 4:04am
I'm not seeing it in local users and groups, though.Tim Gowen
December 24th, 2011 10:20am
I'm not seeing it in local users and groups, though. Tim Gowen You aren't going to, as it is a built in account now. http://learn.iis.net/page.aspx/140/understanding-built-in-user-and-group-accounts-in-iis/ The account is only created when IIS 6 Compatability is installed. You need to ask Sophos if that is something that they need. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.
December 24th, 2011 11:31am
Hello, Dump the security permission from a probkematic and a good user by the following command: Dsacls “distinguishedName of the User” >C:\store.log Here is the detailed steps for getting the distinguishedName of a user: a. Run the Adsiedit.msc from a command prompt. b. Expand “Domain”->”DC=domainName,DC=com”->”CN=Users” c. Right click on ”CN=the problematic user name”, click “Properties”. d. Find the attribute “distinguishedName” attribute. Double click copy the value of it. Please check if there are any difference. Thanks, Simon
December 25th, 2011 2:23am
Sophos have suggested that I give it a try... Checking I see that some of it is not installed, and I wonder if WMI is what I need..? Tim Gowen
December 25th, 2011 5:58am