Hi There. I have recently inherited a fairly large shared web hosting platform, which, amo other features, allows customers to place access databses in their web sites, and then read / write data to them via DNS / Dsn-Les connections. However, a security problem became apaprent to me: If an...more >>

Hi guys I need help. I created a web application for my intranet. I'm using a dsn connection. The applications works fine when the database resides in the same server as the IIS. when I change the dns to point to the same mdb file over to my database server I get the following error Micro...more >>

We have an ActiveX CAB file that is part of an Active Server Page web-based application. It worked fine on Server 2000 both in HTTP and HTTPS. On migrating it to Server 2003, it still works on HTTP however it will not download under HTTPS to the browser. The browser is IE 6.0 and has be...more >>

I think I've got everything set up in IIS for using IIS 5.0's password change scripts. However, when I submit a form I get the following error: Error: An invalid Active Directory pathname was passed Debugging the scripts a little, what I find is that none of the request.form field values a...more >>

I've learned that it is possible to create a database for iis 5.0 & have all server logs (or most) to be saved to automatically. Does anyone know how to do this? Thanks MikeSt...more >>

I like to secure my ASP with either a username and password or a client certificate. Therefore I have set "require SSL" and "accept client certificates". However, my script fails for the first document that I send if I use a username and password. The error on the client is: "There is a se...more >>

Hi, I have a client with w2k (IE 6) and a Windows 2003 server (with IIS 6.0). I would like to setup IIS 6.0 to authenticate the users trying to access to a web page. I'd like to use kerberos v5. During the IIS setup, I enabled "Integrated Windows authentification". But each time I go to ...more >>

how to restrict sites to users who use internet in the network...more >>

Hello all. I have a quick question about pop up ads. I am kind of new to the personal computer era. Every time i flex a muscle i get pop up ads!! i mean 15-60 at a time sometimes! how can i stop this madness?? Thanks alot....more >>

May I in IIS to disable oportunity for someone to download all my pages in web site with WinZip, TeleportPro, atc? I wanna to those pages be visible, but not to someone download them in whole. Thank you!...more >>

Hi everyone, I would like your help on the following: My web page was defaced by someone known as daark phyber, and I don't know how to put it working again. Please help me. ...more >>

I recieved an N-case alert does anyone know what this alert is ...more >>

We have an Nfuse webserver that is using IIS 5.0. We've installed the SSL certificates to run the webpages through an https connection but when we do a netstat -a, we still see the http port listed as active. It doesn't have any foreign connections, it just seems to be connected to localhost on...more >>

Hi, i was able to get my SSL on port 443 to run just fine. But on setup i found i cant remove port 80 from the side or at least have some kind of port nbr there. I want to disable that users can view content without using SSL. I know i can do that with using a port other then 80 and then ...more >>

Hi I get this message when I set my virtual directory to access the computer as I_USR even though I have given I_USR execute and read permissions on the folder with my ASP scripts. If I set my virtual directory to access the computer as another user who is a member of administrators an...more >>

Hi everyone, I am planning to deploy either Windows2000+SP4+IIS5 or Windows2003+IIS6 on the internet, I would like to know what are the security patches for IIS that I need to load before putting the server online ? or anyone can provide me a link or white paper regarding this. Thanks in ad...more >>

I am trying to enable the IISADMPWD virtual directory so users can change passwords when they are required. I am not using the Default Web Site, but a different site. I have implement all of the instructions that I have found, but the site does not allow an account that is set to change pa...more >>

Greetings, I'm trying to limit web developers to only having admin access in IIS6. Seems they have to be in Admin group on Server 2003 to even open IIS6 console. Any suggestions on if I can create a group and assign a specific ACL for admin access is IIS6 only? Thanks, Brian...more >>

Where can I find information about securing a virtual directiry using NTSF permissions to that virtual directory. The "connect as" overrides my desired behavior. If I create a directory on the IIS server and assign it NTSF permissions it behaves as expected, only those granetd permis...more >>

Hi all, I am getting ready to bring a new server online to the Internet to host our website. Yesterday I was going thru a security article on IIS 5.0. I also ran the IIS Lockdown tool, although I cancelled out before it finished. I guess you could say I "chickened out" before it was done. ...more >>

I have removed those users whome I wish to deny Internet access from the BackOffice Internet Users Global Security Group, but they Still have access???...more >>

We have been using a crossword applet for quite a while - it has performed very well ... until we upgraded to Windows 2003 Server. Now the Applet doesn't work - it loads ok, but it can't read a data text file on the server. The only way it can work, is if the HTML page calling the app...more >>

I'm not sure if this is the right newsgroup. But every time I am on the internet, I get this message (about ten minutes into it)telling me that there was an error, send an error report to Microsoft or not. I have tried both ways, and I get the message that NT Authoriy/System is shutting do...more >>

Hi, We have a 'mixed domain' with NT4, W2k and W2k3 servers, NT4,W2k and XP clients, IIS 5, 5.1 and 6, IE5.5 and 6. All our web apps use Basic or Integrated Authentication. I am wondering if it would reduce the OS/network load if I made a lot of the resources (eg gifs, pop-ups, includes ...more >>

This may be rather basic in nature, but... If someone can point me to a tutorial on setting this up, or give instructions, that would be great. I have done some searches, but unfortunately the questions/responses seem to assume too much previous knowledge, or do not address some of the topics...more >>

Hi All, We dial-in into 2003 server and doing FTP to another NT-4 server. It looks like based on the IP address assigned to the remote client - FTP some time works and other time it gives error Cannot connect to remote host. At that time we're not able to ping the remote server. This specially happ...more >>

I've written a web application (using ASP) and sporadically we get a login dialog asking for username, password and domain (this is not a web form that I created for logging in). The web server is IIS 5.0 running on a Windows 2000 box. Can someone point me at what might be causing this? BB...more >>

I would like to deny access to computers from 102.168.0.0 - 102.168.254.254 with a subnet mask of 255.255.255.0 When I enter in 102.168.0.0 with subnet mask 255.255.255.0 - it does not deny. when I enter in 102.168.0.0 subnet 255.255.0.0 it DOES DENY. My iis server is on subnet 255.255.0.0, but I...more >>

Hi, I have an ASP.NET app that sends HTTP WebRequests to an exchange server that requires NTLM authentication. To do so, the ASP.NET app is configured to impersonate the current user. Everything works fine, except on our test Win 2003 machine, where the web requests fail with a 401 answ...more >>

Just rebuilt my Web server and added back all the user accounts. When I switch on Basic Authentication, the ASP that pull information from the SQL server fail to make the DSN connection with the following message:- "Microsoft OLE DB Provider for ODBC Drivers (0x80004005) [Microsoft][ODBC SQL...more >>

Well I am fairly certain this is something I am somehow foolishly missing in IIS configuration, I have a subfolder below my default site that has a complete coldfusion app I would like to run, but I would like it to be open to read by anonymous iusr. Now for some strange reason, the folder serves HT...more >>

We just migrated to IIS 6.0, and in our previous production environment, we had basic authentication against "\" for authenticating across trusted domains. The same setting does not work with IIS 6.0. Is there a new way to authenticate across domains in IIS 6? ...more >>

I'm trying to get a distance learning software package (Flex Training by Online Development) up. This software is based primarily on Active Server Pages (ASP). It works fine without SSL/128 enabled. But once I enable SSL, the final page that is supposed to launch the "class" returns a H...more >>

Does anyone know how to redirect http:// requests that hit a SSL site automaticlly to https:// ??? I'm not a programmer so please go easy on my... :-) Thanks!!! Scott...more >>

Hi, I think that I have encountered a somewhat serious "bug" somewhere. I can't tell if it's a CryptoAPI bug, an IIS bug, or whatever, so I'm cross-posting this to several newsgroups. This seems like (to me) a rather serious problem, and I'll try to describe what's happening as best I can, ...more >>

We have internally developed apps running on our IIS 5.0 Intranet server. These apps use the anonymous login to query AD for object resolution in order to process security permissions. This worked great with W2K DCs. Since we have upgraded to W2K3 DCs only, it has stopped working. My educated gue...more >>

Hi all, I have an Intranet Win2K server running IIS 5. 3 websites are defined - the default on port 80, and the admin site and a sharepoint site on alternate ports. Security is set to Window authentication for all sites, and NTFS security to the appropriate directories is set accordingly....more >>

Hi all I installed a new SSL certificate this morning on one of our web servers [NT 4.0 SP6a with IIS 4.0]. I can see in Key Manager that the certificate has been installed OK and is valid, but the SSL secured area of our web site no longer functions - just get page can not be displayed. I ...more >>

Hello all, Before I get to babbling on, please feel free to correct me if I'm wrong at any point, and please forgive the massive long post for such a simple queery! I'm in the process of designing the infrastructure for when we move to Win2k network/domain. I'm not very experianced in I...more >>

I had some hackers break into my web server when I was running NT 4.0. I upgraded to 2000 and put URLScan on the system and it appears to have stopped them but they continue to try and gain access. Most often now they simply give up after entering a command that looks like this in the log ...more >>

Hi, Anyone knows what the below entry in a urlscan log means? "Received malformed request which resulted in error 50 while modifying the 'SERVER' header.Request will be rejected with response code 400." I looked up the corresponding entry in the weblog, and it was served with a 200 status...more >>

It started out with a massive comms bill. 1GB over the download limit for a month. I couldn't work it out, but the same thing happened the next month, and this month. I started to have a look around.. My ISP shows we are downloading roughly 100MB every 24 hours which is ridiculous for the type...more >>

I set up a simple web page which I can access from inside the office. I configured my dsl router to direct HTTP requests to my IIS server. But for some reason, from outside, I get the message, we "cannot find the web site." Does IIS have some automatic security feature blocking requests fr...more >>

I get the following message page when I visit a commercial web site I normally visit to shop. What does it mean and how should I respond? Runtime Error Description: An application error occurred on the server. The current custom error settings for this application prevent the details o...more >>

I have installed and run the IIS lockdown tool today. It caused a failure of a perl based web calendar called WebEvent. Everytime we open the .pl file, we receive an error that the page cannot be found. I edited the urlscan.ini file to allow for .pl files. However, when opening the URL in the br...more >>

Hi, I have a client who is thinking about running a intranet on IIS6 with Integrated Windows authentication. As the client is using Novell Directory Service, I need to know if the integrated windows authentification will work with NDS instead of an Active Directory. Has anyone here had any exp...more >>

How should a firewalll be configured to allow Windows Update? ...more >>

The last couple of months we have gotten thousands of: Sent verb 'SEARCH', which is not specifically allowed. Request will be rejected. In our URL scan logs. Is this a worm or what? It bugs me I can't see all the information being sent from the logs. ...more >>

-What exactly does the Lockdown do? -Does it just reset existing switches or does it load additional software? -If switches are reset, what are they and what are they set to? -Is there an undo?...more >>

We have spam and pop ups on our internet. Can you recommend any package to remove these and prevent them in future. Thanks please reply to fredron@vhe0310.freeserve.co.uk...more >>