Sunday, March 25, 2012

Authorization problems with dso and asp (vbscript)

Hi all,
I have an authorization problem while trying to access metadata information of Analysis Services via DSO with VBScript over IIS.
Calling an ASP page with the following content from the browser:
---
dim dsoServer, dsoDatabase, dsoCube
set dsoServer = Server.CreateObject ("DSO.Server")
dsoServer.Connect ("<myServerName>")
...
--
produces the following error:
Unable to connect to the registry on the server (DSCWDMT), or you are not a member of
the OLAP Administrators group on this server.

I found a similar post in this forum, and its proposed solution (apply SP1 to AS) will not work, because I already have SP1 installed (see also article Q297232 on MSDN).

I did the following tests:
1) Run the examples in \Programs\Microsoft Analysis Services\Samples
Yes, they work, but without DSO. I need DSO.
2) Build a DLL and register it for wwwroot.
Same error message.
3) Follow the instructions in Q224973 (MSDN).
Same error message.

I suspect that the installation and/or the authorizations on W2K are not correct, but I do not know what.
I run SQL2K with untrusted authorization (i.e. with user logon and password). This user is also allowed to see cubes (at least SELECT) in Analysis Services. MDX commands work fine and I get results.

So the question is: which user is trying to access DSO services via the Internet?
If it is IUSR_<ServerName>, then it cannot work, because it has only guest auth. on ServerName, and it would not be correct to change it.

Do you have any hints?

Background info:
OS: W2K with sp2
IS: IIS 5
Database: MS SQL2K with sp1
AS: SP1
Language: Visual Basic scripting edition (VBSCRIPT)

Thanks in advance
Matteo

Hi,

Remember that with Windows 2000 and your web server (IIS 5.0), all connections and everything that you use from the web use the default Windows 2000 user account, that is, IIS_<machine name>...

For example, if you must use different Regional Settings for your web applications (ASP) and set them on the server under the Administrator account, nothing will be changed for web users; the account used for local permissions on IIS is the IIS account (IIS_<machine name> or IWS_<machine name> - I don't remember now).

[ ]'s

Yes, this is correct. Everything works under the account IUSR_<MachineName>.
The problem is meanwhile solved.
The error message came because IUSR_<MachineName> could not read registry entries for HKLM/SOFTWARE/Microsoft/OLAP Server/...
So I added IUSR_<MachineName> with read-only authorisation. This solved the problem.
Anyway, this cannot be a good solution, because you change something at a single point without a general application rule.
So I keep on searching.

Thanks,
Matteo
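
Added example, not part of the original posts: a PowerShell audit of the registry key root named in the thread, listing every access rule and flagging entries for the anonymous IIS account and entries that grant more than read access. The function name Get-KeyAccessReport and the IUSR_ match pattern are assumptions made for this illustration.

```powershell
# Added example (not from the thread): audit the ACL on the Analysis Services
# registry key so that a grant to the anonymous web account is visible and reviewable.
# Key root as named in the thread; subkeys are not enumerated here.
$keyPath = 'HKLM:\SOFTWARE\Microsoft\OLAP Server'
# Assumption: the anonymous IIS account follows the IUSR_<MachineName> naming.
$anonPattern = '(^|\\)IUSR_'

function Get-KeyAccessReport {
    param(
        [Parameter(Mandatory)] [string]$Path,
        [Parameter(Mandatory)] [string]$Pattern
    )

    if (-not (Test-Path -Path $Path)) {
        Write-Warning "Registry key not found: $Path"
        return
    }

    # ReadKey = QueryValues + EnumerateSubKeys + Notify + ReadPermissions
    $readMask = [int][System.Security.AccessControl.RegistryRights]::ReadKey
    $acl = Get-Acl -Path $Path

    foreach ($rule in $acl.Access) {
        $identity = $rule.IdentityReference.Value
        # Bits outside ReadKey. Generic-rights ACEs (shown as raw numbers)
        # also land here and should be reviewed by hand.
        $extraBits = [int]$rule.RegistryRights -band (-bnot $readMask)

        [pscustomobject]@{
            Identity   = $identity
            Type       = $rule.AccessControlType
            Rights     = $rule.RegistryRights
            Inherited  = $rule.IsInherited
            Anonymous  = ($identity -match $Pattern)
            BeyondRead = ($rule.AccessControlType -eq 'Allow' -and $extraBits -ne 0)
        }
    }
}

# Rows with Anonymous = True and Inherited = False are explicit grants of the
# kind described in the last post; BeyondRead = True on such a row means the
# web account can do more than read the key.
Get-KeyAccessReport -Path $keyPath -Pattern $anonPattern |
    Sort-Object Anonymous -Descending |
    Format-Table -AutoSize
```

Run it from an elevated prompt on the Analysis Services host; on a machine without the key it only prints the warning.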
