Windows IIS Anonymous Authentication Strategy
This section will explain how to change the password of the user-defined for IIS Anonymous Authentication with the help of Application Configuration and Trigger.
WinRM service must be installed on those servers.
Users must have configured IIS information for this option and should have the below example.
For this option, an Application Trigger Config definition must be made first.
- Navigate to the Secrets > Configurations menu > Application Configuration.
- Click the Add and the parameters must entered as described in the screen below.
- Windows IIS Anonymous Authentication is selected as the Strategy.
- IIS Anonymous Authentication will use WinRM service that’s why the user should enter WinRM port information.
- Select NTLM as the WinRM Authentication Method and press the Save button.
- After this definition, the user should open the Secrets >Application Management screen.
- Click the Add button.
With this definition, when the Vault account's password is changed, reset, or updated, IIS Anonymous Authentication creates a trigger so that the password defined for the trigger is also automatically changed.
- Enter the name of the trigger in the Name field.
- Select the Application Configuration that defines the name above definition.
- Enter the IIS Sites Name field from IIS which is described below the picture.
- Select the Vault Account that is defined in Password Vault and whose password we want to change.
- If the user defined for Password Vault is an authorized user to make changes on IIS, the Use Authentication User switch box is turned off. If it is not an authorized user, in this case, the Name and Password information of the Administrator user must be entered in the relevant fields.
- The Target Type value should be selected as Single Device.
- Select device information where IIS is installed and the device to be modified.
- If all values fields are entered user should click the Save button then the configuration will be completed.
- Navigate to the Vault Screen and select the Vault account.
- Click the above picture button and a new popup will be shown below.
If Reset Password or Update Password is clicked, the system will change the password information from Windows Local User or Active Directory for the selected account. Additionally, a new Application Trigger record will be created to change the password from the IIS server.
The Application Management screen must be opened, and the defined record must be listed. To start this record and change the password from the IIS Site immediately, the Run button must be clicked. If not, the Application Trigger job will automatically run this record according to the defined period.
