For maximum security and flexibility in managing your domain, we first need to create the anonymous web user. This is the user that your web site will run under. All requests made to the file system will be made as this user.
For organizational purposes we will first create a new Users Group called WebUsers. This group will hold all Anonymous Web Users for your domains.
We now create the Windows User that the web site will run as. All requests made to the file system will be made from this user. Make a note of the user’s password as we will need it later.
We now assign the domain.com_web user that we just created to the WebUsers group. This should be the only group that the user belongs to.
Open up the IIS Module on your server and Right Click on the Web Sites folder. Choose New – Web Site. This will start the Web Site Creation Wizard.
When asked for the Web Site Description, put in the name of your domain. In this case, we are using domain.com.
Choose an IP Address that you want the web site bound to, the port the web site will run under (80 is the default web port) and the host header for this domain.
Choose the path where the web site files are located. In this example we are storing the web site files at C:\Inetpub\wwwroot\domain.com
Choose to allow Anonymous access if you want anyone to be able to view your web site.
Allow Read access so the user visiting the web site can view the web site files. Choose Run Scripts if you want to run ASP and Write if your web site will be writing files to your directory structure.
You have successfully completed the Web Site Creation Wizard; however, we are not done yet.
Right Click on the new domain.com in IIS. Choose Properties – Directory Security and then click Edit under Authentication and access control. Enter in the User and Password that you created in Step 2. This is telling IIS to force all anonymous requests to run from this user. We can then lock down this web site’s access to the system with NTFS permissions.
After the above steps our web site is only accessible by typing domain.com in the web browser. We also want it to be accessible by typing www.domain.com. We do this by adding an extra host header. Right Click on the new domain.com in IIS, choose Properties and then Click on the Advanced button next to the IP Address under Web Site Identification. Click Add, choose the same IP Address as you chose in Step 6, choose the default port of 80 and then enter www.domain.com for the Host Header Value.
We now need to set the NTFS permissions for the new web user we created for our new web site.
In Windows Explorer browse to C:\Inetpub\wwwroot
Right Click on the domain.com folder and choose Sharing and Security. Choose the Security Tab.
Add the domain.com_web user and give it the required permissions on the directory.
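The group, user and NTFS steps above can also be scripted and checked from an elevated PowerShell prompt. This is an added example, not part of the original walkthrough; it assumes icacls.exe is available on the server and that read and execute is the permission a read-only site needs, since the page does not name the exact rights.

```powershell
# Added example. Names come from the page; the RX grant is an assumption.
$Group   = 'WebUsers'
$User    = 'domain.com_web'
$SiteDir = 'C:\Inetpub\wwwroot\domain.com'

# Create the group and the account. The '*' makes net.exe prompt for the
# password, so it never appears on the command line or in shell history.
net localgroup $Group /add
net user $User * /add

# 'net user /add' also places the new account in the built-in Users group.
# Add it to WebUsers, then remove it from Users so that WebUsers is the
# only group the account belongs to.
net localgroup $Group $User /add
net localgroup Users $User /delete

# Verify the membership through the ADSI WinNT provider instead of
# parsing net.exe output.
$account = [ADSI]"WinNT://$env:COMPUTERNAME/$User,user"
$groups  = @($account.psbase.Invoke('Groups') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
})
if ($groups.Count -ne 1 -or $groups[0] -ne $Group) {
    throw "Unexpected group memberships for ${User}: $($groups -join ', ')"
}

# Grant read and execute on the site root, inherited by subfolders (CI)
# and files (OI). ${User} is braced so PowerShell does not read
# "$User:" as a drive-qualified variable name.
icacls $SiteDir /grant "${User}:(OI)(CI)RX"

# Print the resulting ACL so the entry for the web user can be reviewed
# alongside anything inherited from C:\Inetpub\wwwroot.
icacls $SiteDir
```

The final listing is worth reading in full: entries inherited from the parent folder still apply to the site directory in addition to the explicit grant.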