Broken Authentication, File and Registry Permissions

[Guest mikeg]

We have a W2K IIS 5.0 Server with a website configured for anonymous

authentication. It's been working fine for more than a year. After applying

some July 2007 W2K updates, users suddenly started getting a Windows

authentication login prompt. I checked the site and it's still set for

anonymous access. The anonymous user account seems okay (not locked or

disabled).

 

Then I ran Authentication and Access Control Diagnostics 1.0 tool and

discovered BUILTIN\Administrators, NT AUTHORITY\SYSTEM and BUILTIN\Users now

have insufficient Server and Registry permissions. For example,

BUILTIN\Administrators HKLM\System\CurrentControlSet\Services\IISAdmin

registry permissions now fail diagnostics and the tool says NT

AUTHORITY\SYSTEM does not have enough access to WINNT folder and files.

 

However, when I check folder/file permissions everything appears normal.

Registry permissions also appear normal in REGEDT32. Nevertheless users are

suddenly falling back to Windows authentication and diagnostics are failing.

 

As a sanity check, I compared folder and registry permissions and ran

diagnostics on a similar IIS server where everything is still working.

Permissions are the same, but the good server passes diagnostics and

anonymous access is working fine.

 

I’ve already uninstalled the Windows updates. Any other ideas on how to

repair this?