Configuring Subauthentication After Upgrading to IIS 6.0 (IIS 6.0)

When you upgrade a server to IIS 6.0 from an earlier version of IIS that uses subauthentication to manage passwords on anonymous accounts, subauthentication is enabled by default. The AnonymousPasswordSync Metabase Property is set to true. However, two additional configuration tasks must be completed before subauthentication will work correctly in IIS 6.0. Your event log should have entries about this.


You must be a member of the Administrators group on the local computer to run scripts and executables. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run your script or executable as an administrator. At a command prompt, type runas /profile /User:MyComputer\Administrator cmd to open a command window with administrator rights and then type cscript.exeScriptName (include the script's full path and any parameters).


To configure subauthentication after upgrading to IIS 6.0 from an earlier version of IIS configured to use subauthentication


Register Iisuba.dll by opening a command prompt and then typing the following:

rundll32 %windir%\system32\iissuba.dll,RegisterIISSUBA


Run all worker processes that use Anonymous authentication as LocalSystem. For more information about configuring worker process identities, see Configuring Worker Process Identities.

Related Information

For information about configuring subauthentication on a clean installation of IIS 6.0, see Configuring Subauthentication on a New Installation of IIS 6.0.

For information about configuring subauthentication on a new installation of IIS 6.0 that is configured to run in IIS 5.0 isolation mode, see Configuring Subauthentication in IIS 5.0 Isolation Mode.

© 2017 Microsoft Corporation. All rights reserved. Contact Us |Terms of Use |Trademarks |Privacy & Cookies