Configuring Subauthentication in IIS 5.0 Isolation Mode (IIS 6.0)

When you perform a new installation of IIS 6.0 and then configure the server to run in to IIS 5.0 isolation mode, the worker process that is assigned to in-process applications will run as LocalSystem by default. However, for subauthentication to work properly, you must still register Iissuba.dll and configure the AnonymousPasswordSync Metabase Property.


You must be a member of the Administrators group on the local computer to run scripts and executables. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run your script or executable as an administrator. At a command prompt, type runas /profile /User:MyComputer\Administrator cmd to open a command window with administrator rights and then type cscript.exeScriptName (include the script's full path and any parameters).


To configure subauthentication after a new installation and after switching to IIS 5.0 isolation mode


Register Iissuba.dll by opening a command prompt and then typing the following:

rundll32 %windir%\system32\iissuba.dll,RegisterIISSUBA


At the IisWebService node, set the AnonymousPasswordSync metabase property to true.

Related Information

For information about configuring subauthentication on a new installation of IIS 6.0, see Configuring Subauthentication on a New Installation of IIS 6.0.

For information about configuring subauthentication after upgrading your server to IIS 6.0 from an earlier version of IIS that uses subauthentication, see Configuring Subauthentication After Upgrading to IIS 6.0.

© 2017 Microsoft Corporation. All rights reserved. Contact Us |Terms of Use |Trademarks |Privacy & Cookies