What IIS is running under so that you know which account's permissions have to be bumped up? Also, does IIS manage the password for the anonymous account's access?

Regards,
JB