What did you set for the NTFS file permissions? Did you access a restricted file/folder prior to browsing to the anonymous file? THanks Cheers Ken -- My Blog: www.adOpenStatic.com/cs/blogs/ken : -----Original Message----- : From: thelist-bounces at lists.evolt.org [mailto:thelist- : bounces at lists.evolt.org] On Behalf Of Robert Gormley : Sent: Thursday, 19 October 2006 12:02 PM : To: thelist at lists.evolt.org : Subject: [thelist] IIS Directory Security Inheritance : : Hi all, : : Using IIS6, I have a web site that has authenticated-only : access (Basic) enabled. I want to make one directory : authentication-free. No problem, think I - I set it's : directory permissions in IIS Manager to enable Anonymous, : disable Basic, and do the same for file permissions on the : two files within. : : No dice. I still get prompted when browing to : https://site/blah/ : : Seems logical, and indeed if I "test" by trying to turn : off auth at the site level, it tells me that "blah", : "blah/file.html" have different permissions, do I : override, so it definitely seems right, but it's : definitely picking up site permissions and using them. : : Am I missing something, or do I need to make the site : anonymous, and all the root dirs/files authenticated?