The AnonymousPasswordSync property indicates whether IIS should handle the user password for anonymous users attempting to access resources. The following list details the behavior of this property:
If AnonymousPasswordSync is set to false, the administrator must manually set the AnonymousUserPass property to the anonymous user password; otherwise anonymous access will not function properly.
If AnonymousPasswordSync is set to true, the anonymous user password is set by IIS.
If AnonymousPasswordSync is set to true and the value of the metabase property AllowAnonymous is set to false, no users will be permitted to log on to the FTP server.
For anonymous password synchronization to work when the domain controller for the IIS server is running Microsoft ® Windows ® 2000, you must have sub-authentication enabled. For more information, see the "Sub-Authentication" section of Digest Authentication in the Help that comes with IIS Manager.
Setting AnonymousPasswordSync on a server running IIS 6.0 has no effect unless you run your application under the System identity and enable sub-authentication. However, it is strongly recommended that you never run an application under the System identity because of the risk it poses to security. If your application contains a buffer-overrun, malicious users can do anything they want under the guise of the System identity. Also, sub-authentication is not enabled by default on a new installation of IIS 6.0. This new default behavior of IIS 6.0 might break old applications that use Anonymous authentication.
You can configure this property at the following locations in the IIS metabase.
IIS Admin Object Type
Client: Requires Windows XP Professional, Windows 2000 Professional, or Windows NT Workstation 4.0.
Server: Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0.