Change password for IUSR account dni 5/30/2007 9:28:02 PM When we have an IT Audit we get flagged for domain user has no required password. The accounts are IUSR_servername that were created by WSUS. Can these passwords be changed without messing up WSUS and if so where and how. Thanks.

Re: Change password for IUSR account "Lawrence Garvin \(MVP\)" <onsitech[ at ]community.nospam> 5/30/2007 10:31:35 PM "dni" <dni[ at ]discussions.microsoft.com> wrote in message news:88D85D82-3DF7-47D3-8A47-B8A10B64D2D0[ at ]microsoft.com... [Quoted Text] > When we have an IT Audit we get flagged for domain user has no required > password. The accounts are IUSR_servername that were created by WSUS. The IUSR_servername *should* have a password, and this account is *not* created by WSUS, it's created by the installation of Internet Information Services. You'd get a warning as a domain user account only if IIS has been installed on a Domain Controller. This may, or may not, be the IUSR_ account being used by WSUS. > Can > these passwords be changed without messing up WSUS and if so where and > how. Yes, you'd need to change the password in two places: [a] Change it in Active Directory Users and Computers. [b] Change it on *every* DC-based installation of Internet Information Services [c] Do *NOT* change the password on IIS installations that are not on DCs, because they're actually using a *local* account and password, not the domain account and password. -- Lawrence Garvin, M.S., MCTS, MCP Independent WSUS Evangelist MVP-Software Distribution (2005-2007) https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E Everything you need for WSUS is at http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx And, almost everything else is at http://wsusinfo.onsitechsolutions.com .....

Re: Change password for IUSR account "Lawrence Garvin \(MVP\)" <onsitech[ at ]community.nospam> 5/31/2007 2:41:16 AM "Special Access" <nonyabidnezz[ at ]hotmail.com> wrote in message news:bp5s531ghhguii4bbaj3hkap6i391l8dno[ at ]4ax.com... [Quoted Text] > On Wed, 30 May 2007 14:28:02 -0700, dni > <dni[ at ]discussions.microsoft.com> wrote: >>When we have an IT Audit we get flagged for domain user has no required >>password. The accounts are IUSR_servername that were created by WSUS. Can >>these passwords be changed without messing up WSUS and if so where and >>how. >>Thanks. > IF I am reading this correct, you got tagged because the account "does > not require a password". Good point, and my misunderstanding. Thanks for jumping in! -- Lawrence Garvin, M.S., MCTS, MCP Independent WSUS Evangelist MVP-Software Distribution (2005-2007) https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E Everything you need for WSUS is at http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx And, almost everything else is at http://wsusinfo.onsitechsolutions.com .....

Re: Change password for IUSR account dni 5/31/2007 2:16:01 PM Yes the hit is that the user account has no required password. I will run the net use command you suggested. Thanks Ozzie "Special Access" wrote: [Quoted Text] > On Wed, 30 May 2007 14:28:02 -0700, dni > <dni[ at ]discussions.microsoft.com> wrote: > > >When we have an IT Audit we get flagged for domain user has no required > >password. The accounts are IUSR_servername that were created by WSUS. Can > >these passwords be changed without messing up WSUS and if so where and how. > >Thanks. > > IF I am reading this correct, you got tagged because the account "does > not require a password". If this is true, then run this command: > > net user iusr_<servername> /passwordreq:yes > > This will set the "password required" flag and should pass the DISA > scanner. It should be noted that setting this flag does NOT/NOT > require you to have or change the existing password. > > Mike >