IIS 4.0 seems to have a bug in it that hoses the password setting for the IUSR_xxx user (you've noticed I'm sure that you now have file-level granularity for setting access permissions in IIS). The only fix we're aware of is documented in the LISTSERV support FAQ, specifically http://www.lsoft.com/lsv-faq.html#Sect22 which has been recently rewritten to take this problem into account. Thanks to Mark Wickens of EveryWare Development Inc. who originally had the problem and shared the answer he found with us. Nathan