Although each system administrator can set permissions based on their needs, it is best to use the Everyone group instead of the IUSR_MACHINE account. In fact, ASP and ASP.NET cannot run if permissions are granted only to the IUSR_MACHINE account. If you use the Everyone group, ASP runs normally for both anonymous and authenticated users, whether the Web site's protection level is high, medium, or low.
In addition, if you only need anonymous access, the administrator can create a local group named InternetGuests, add IUSR_MACHINE, IWAM_MACHINE, and ASPNET to it, and replace the Everyone group with the InternetGuests group. However, the Everyone group includes the Users group (for authenticated Web users), the IUSR_MACHINE account (for anonymous HTM access), the IWAM_MACHINE account (for anonymous ASP functions), and the ASPNET account (for ASP.NET).
IIS 5.0 uses two separate accounts to execute Web pages. With anonymous authentication, IIS uses the IUSR_MACHINE account to view the Web page, while the IWAM_MACHINE account is used to start a separate process called Dllhost.exe. All Active Server Pages (ASP), Component Object Model (COM) components, and other ISAPI extensions (ASP is itself considered an ISAPI extension) run in this process. The main purpose of this design is stability: if a custom COM component called from an ASP page crashes (that is, it causes an access violation that stops the process), Inetinfo.exe is not affected, so the Web service continues to run.
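The InternetGuests replacement described above can be scripted from the command prompt. This is an added example, not part of the original article; the content path, the IUSR_<computername> / IWAM_<computername> account naming, and the choice of Read access are assumptions to adjust for your server.

```batch
@echo off
rem Added example (not from the original article).
rem Assumptions: WEBROOT is a placeholder content folder; the anonymous
rem accounts use the default IUSR_<computername> / IWAM_<computername>
rem names; Read (R) is a sample right, the article does not name one.
setlocal
set WEBROOT=C:\Inetpub\wwwroot
set GROUP=InternetGuests

rem 1. Create the local group. An "already exists" error is harmless.
net localgroup %GROUP% /add /comment:"IIS anonymous-access accounts"

rem 2. Add the three accounts the article lists. ASPNET exists only when
rem    the .NET Framework is installed, so that add may fail on its own.
for %%A in (IUSR_%COMPUTERNAME% IWAM_%COMPUTERNAME% ASPNET) do (
    net localgroup %GROUP% %%A /add
)

rem 3. Keep a copy of the current ACL so the change can be reviewed
rem    or undone by hand.
cacls "%WEBROOT%" > "%TEMP%\webroot_acl_before.txt"

rem 4. Grant the group access first. /E edits the ACL instead of
rem    replacing it, so Administrators and SYSTEM entries are kept.
cacls "%WEBROOT%" /T /E /G %GROUP%:R

rem 5. Confirm the grant is really on the ACL before touching Everyone;
rem    find returns errorlevel 1 when the group name is absent.
cacls "%WEBROOT%" | find /i "%GROUP%" > nul
if errorlevel 1 (
    echo %GROUP% is not on the ACL of %WEBROOT%; Everyone left in place.
    goto :eof
)

rem 6. Only now revoke Everyone (/R is valid only together with /E).
cacls "%WEBROOT%" /T /E /R Everyone

rem 7. Show the resulting ACL and group membership for the change record.
cacls "%WEBROOT%"
net localgroup %GROUP%
endlocal
```

Granting the new group before revoking Everyone avoids a window in which none of the three accounts can read the content. Authenticated users who previously relied on Everyone need their own entry on the ACL if they must still reach the site.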
The three protection levels in IIS 5.0 are as follows:
Low (IIS Process): This setting is similar to the default setting in IIS 4.0. All Web pages, whether HTM or ASP, run in the Inetinfo.exe process.
Medium (Pooled): This is the default setting. As in IIS 4.0, this setting starts a separate process called Dllhost.exe, in which all ASP and COM components run. This process is started by the IWAM_MACHINE account, also as in IIS 4.0. The setting is called pooled because all Web sites running in IIS share this one Dllhost.exe process when executing ASP pages. Note that in Windows 2000, Dllhost.exe replaces Mtx.exe.
High (Isolated): This setting starts a dedicated Dllhost.exe process for each Web site or application. If there are five Web sites and each has its protection level set to "High", there will be a total of six Dllhost.exe processes: five for the Web sites, plus one additional Dllhost.exe process that is started by COM+ for the System Application.