locked
CRM 4 IUSR_??? RRS feed

  • Question

  • When I install CRM 4, the CRM website in IIS is mainly set to be integrated authentication. However, the _img and _static sub directories are set to use annonymous auth, with the local IUSR account used.

     

    Does anyone know why this is the case (why those 2 dirs are annonymous)

     

    And, does anyone know if we can specify an account to use (in command line install config.xml) rather than IUSR

     

    Tuesday, January 29, 2008 1:45 PM

Answers

  • I think its because _img folder contains images which are almost publically available. So can be the case with _static folder.

    In MS CRM 3 these folders were also set to integrated security. I don't think that in MS CRM 4, switching these back to integrated security will make any negative difference.

     

    Tuesday, January 29, 2008 2:14 PM
  • I think these 2 directories are anonymous because they are accessed directly for all organisations on the CRM server, whereas for all other folders the organisation name as added as part of the url, and CRM has an HttpModule that maps the organisation name and applies the appropriate authentication method. I don't think there is a means to set the account to use in the command line install, but I can't see why it matters, as all the content is static.

     

    If you're trying to tie down the server security, you're probably best creating a script to do this after installation

    Tuesday, January 29, 2008 10:09 PM
    Moderator

All replies

  • I think its because _img folder contains images which are almost publically available. So can be the case with _static folder.

    In MS CRM 3 these folders were also set to integrated security. I don't think that in MS CRM 4, switching these back to integrated security will make any negative difference.

     

    Tuesday, January 29, 2008 2:14 PM
  • I think these 2 directories are anonymous because they are accessed directly for all organisations on the CRM server, whereas for all other folders the organisation name as added as part of the url, and CRM has an HttpModule that maps the organisation name and applies the appropriate authentication method. I don't think there is a means to set the account to use in the command line install, but I can't see why it matters, as all the content is static.

     

    If you're trying to tie down the server security, you're probably best creating a script to do this after installation

    Tuesday, January 29, 2008 10:09 PM
    Moderator
  • But in CRM 3 these were under authentication...so i really don't think that changing the security level will make a bigger difference...

    Wednesday, January 30, 2008 1:48 PM