IUSR and IWAM Accounts Are Re-created When the IIS Admin Service Is Restarted (822165)

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

MORE INFORMATION

If you create individual anonymous and process accounts to isolate users in IIS and to help make IIS more secure, you may want to delete the default IIS accounts, IUSR_computername and IWAM_computername. However, these accounts are automatically re-created when the IIS Admin service is re-created.

Note This article does not apply to Internet Information Server version 4.0.

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To prevent the automatic re-creation of the default accounts when restarting IIS, follow these steps:

Click Start, and then click Run.
Type regedit, and then click OK.
Locate the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp
Right-click InetStp, point to New, and then click DWORD Value.
Type DisableUserAccountRestore. Do not change the default value.
Quit Registry Editor.
Click Start, and then click Run.
Type cmd, and then click OK.
At the command prompt, type iisreset, and then press ENTER.

If the registry key exists, the accounts are not automatically re-created. If the registry key does not exist, the accounts are re-created.

IUSR and IWAM Accounts Are Re-created When the IIS Admin Service Is Restarted (822165)

SYMPTOMS

STATUS

MORE INFORMATION