WSS Anonymous Access Set-up and what NOT to do!

Setting up Anonymous Access in WSS is a TWO step process! If you want to undo the 2 step process then you MUST follow the 2 steps in reverse order, otherwise you will find yourself with a site that allows any Domain User read access, which will result in frustration. I recently fell into this trap so I wanted to share this with fellow bloggers and those who seek the answers when they're in a jam, like I was. This is the reason why I have started to blog again, since I could not find the answer to this issue on the web.

STEP ONE: Switch ON Anonymous Access via Central Admin so that you can actually see the Anonymous Access Menu option in Site Settings -> Site Permissions in the site itself. To do this you need to navigate to Central Administration -> Application Management -> Authentication Providers (Default) -> Edit Authentication and swith ON Anonymous Access by checking the box.

STEP TWO: Then go into to the Anonymous Access Menu option in Site Settings -> Site Permissions Menu option and set it to "Entire Site". By Default this will be set to "Nothing".

Close the Browser and launch the site again. You will now be able to see the site and it's content with a "Log In" to the top right, which is for Admins or Contributers. Now, let's say that you want to stop sharing your site and force users to login, hence not allowing unauthenticated users seeing the site content. This is where it caught me out! Initially, I did not set-up the Anonymous Access and never knew about the TWO step process, so I simply went into Central Admin and switched Anonymous Access OFF. This caused so much pain as doing this hides the Anonymous Access Menu option as mentioned above. I could not understand why anyone and everyone in Active Directory could log into the site and view the content. This was the case even if you have WSS on a Domain Controller or not, which is something I tested once I discovered the issue.

I only discovered the issue when I added a 2nd Sub-Site only to see that ANY user could see that site too, even if I stopped inheriting permissions from the parent site!!

So, to make sure your site is fully secure again you must do the following.

STEP ONE: Go into to the Anonymous Access Menu option in Site Settings -> Site Permissions Menu option and set it to "Nothing".

STEP TWO: Switch OFF Anonymous Access via Central Admin so that the Anonymous Access Menu option in Site Settings -> Site Permissions is hidden. To do this you need to navigate to Central Administration -> Application Management -> Authentication Providers (Default) -> Edit Authentication and swith OFF Anonymous Access by un-checking the box.

Problem Solved! I put this down to inexperience with WSS/SharePoint Security (ME that is!) at the same time as taking over the site from someone else who had switched on Anonymous Access using the TWO step process. I thought that switching OFF Anonymous Access in Central Admin was enough, however I didn't know it was a 2 step process that can only be reversed by performing 2 steps in the opposite way as described above.

I read about the solution in this book: http://www.amazon.com/Real-World-SharePoint-2007-Indispensable/dp/0470168358/ref=sr_1_1?ie=UTF8&qid=1289880110&sr=8-1> 

I hope that someone else out there finds this to be useful information.

All the Best
Dave Stuart