It does indeed seem to be somewhat more "finicky" in this area than ASP. Of course, ASP is more intertwined with IIS/Windows than PHP is and therefore is able to draw more on the IIS/Windows architecture.

Did you actually achieve progress or are you still stuck? Which security settings did you change? This may be handy information for future research.

Not really stuck - I have the ASP workaround in place and working seamless with XOOPS.

I will continue to work on the issue with the php.

On the Win2k3 box if you want to require the passing of the NT Username you have to disable the anonymous access for the page you intend to retrieve the NT USername for.
Once you do this the NT Username will pass using server variables.

In order to do this for those who are unfamiliar with Win2k3 and IIS 6.0
Open you computer management console - expand the Information Services tree menu -select your website - then select the directory - then the actual php, or asp page you want - right click and select properties - select the authentication and access control - uncheck the Enable anonymous access option - click OK - then click APPLY and you are done.

I hope this helps