Anonymous access policy in sharepoint web application

Anonymous access policy in sharepoint web application is created for public facing sites, which can be accessed by users having no permission in the site. Anonymous access permission setting is disabled by default. No prompt for user credentials while accessing these anonymous contents is required.

Actually “IUSR_computername” account is created by IIS for authenticating anonymous users to access the public facing content in sites. We can create anonymous access policy at the web application level so as to restrict/manage permission for anonymous content and their action on it.

  • Since we are going to create a public facing sharepoint site, its always recommended and best practice to extend web application that is going to face external traffic.
  • Navigate to SharePoint Central Administration. Click on Application management and select Manage Web Applications.
  • “Extend Web Application to Another IIS Web Site” dialog box will open, Select “Allow Anonymous” to “Yes”. Click “OK”.
Extend web application to another iis web site
Authentication providers sharepoint web application
  • Click on “Intranet” as we have selected this while extending the web application, you will notice “Enable Anonymous Access” is selected.
Authentication providers extend web application
  • Now select the extended Web Application (http://win-q2repghf9du:27315/) from Web Application Management page and click on “Anonymous Policy”.
  • Select the zone as “Intranet” as anonymous access is enabled for this zone. you can enable for other zones following the previous step. Next select “Anonymous User Policy” that you want to apply let’s say “None”.

There are 3 anonymous user policy level available as below, you can select as per requirement.

  • None: Default permissions to anonymous users will be applied as NT AUTHORITY\Authenticated Users and All Authenticated Users have.
  • Deny Write: Read access to all content for site collections under that web application but no write access.
  • Deny All: No permission to the web application.
Anonymous Policy sharepoint web application
Anonymous access sharepoint site permissions
  • Select types of anonymous access policy that anonymous users can access like “Entire Web Site” or “Lists and Libraries” or “Nothing”. Select “Entire Web Site” so as to give access to all contents in that site. uncheck “Require Use Remote Interfaces Permission”, click “OK”.
Anonymous access entire web site in sharepoint
Anonymous users sharepoint group
  • We can further restrict permissions at the document library level. Navigate to “Document Library”. Click on Library Settings and select “Permissions for this document library” and click on “Stop Inheriting Permissions”.
  • You will get option in ribbon “Anonymous Access” Click on that “Anonymous Access”. Select the permission you want to assign and click “OK”.
stop inheriting permissions sharepoint
edit anonymous access permission in sharepoint
  • Next you can check the Site Collection feature “Limited-access user permission lockdown mode”. It should not be active so as to get access at the Application Page Level.
Limited-access user permission lockdown mode



Categories: SharePoint 2019, sharepoint policy, web application

Tags: , , , , , , , , , , , , , ,