Hello I just noticed that new files I add to subdirectories contained within my main home directory (which is set to apply all security settings to child objects) will not inherit any security settings....where am I going wrong? (I specifically need IUSR_Machinename to be inherited to everythi...more >>

My problem is...I was trying to block 'spam' and I went to Internet Options. Clicked on Security and entered a password. Now every web site I visit, forces me to enter the password, before viewing. The message is "CONTENT ADVISOR WILL NOT ALLOW YOU TO SEE THIS WEB SITE. THIS PAGE DOES ...more >>

Hello, First of all. Sorry for posting this here but I could not find any other place to post this. I just like to know if its safe to delete all the log files that is on c:\winnt\system32\logfiles\w3svc1 Also is there a way to control the size of this logfiles on that folder? Pls. point me...more >>

OK... dont' bag me for doing things the wrong way, if you can suggest a much nicer way, then go ahead, but anyways here my problem: I'm using WSH and command prompts (cmd) to run a few dos programs. Mainly i'm wanting to lookup an ip number for it's host, ie oShell.Run "%ComSpec% /c nsl...more >>

What specifically must I do to enable a cgi script to execute a process that modifies a file on the local file system of the server (IIS 6.0)? I've granted my iuser_account modify rights to a directory that will house the file. When I use a perl OPEN filehandle within the CGI it works fi...more >>

Hi, I have windows NT4.0 Domain, IIS 5 installed on Win2k Server. Want to enable password change utility IISADMPWD. but no matter what I try its not working.. Is anyone knows any other utility on the web? Anyone using any third party utility.. Thanks Santa...more >>

I just got an email from microsoft telling me to download and install the "october '03 cumulative patch." when i try to download it from my email, it detects a virus. do not download it if it has an attachment! Microsoft says their emails have no attachments!!! ...more >>

hi, I'm wondering if we can host websites developed in Visual Studio 6 that uses global.asa for user settings, without installing FrontPage Extensions on IIS 5? For security reasons, we prefer not to run FP extensions on production web servers, but these websites don't function correctl...more >>

we need a ini File (xyz.ini) in the root for a other domain that they know what settings we need. in IIS6.0 the file is in the root, but we get the failure 404 when we access the file over http://domain/xyz.ini. when we rename it to xyz.txt it works. what we can do that nIIS6.0 shows *.ini fi...more >>

I am running a Win2k machine dedicated to the role of a web server. This server is running a single public web site. The web site in question has a secure area. What I mean by secure, is that it requires a username/password to get in. As I do not have a need for overly-strict security for t...more >>

Everytime I try to execute a Crystal Report application in the Internet Explorer screen (client side) with no Crystal Report application installed, the error message "Your current securty setting prohibit running ActiveX controls on this page. As a result, the page may not display correctl...more >>

Some search engine called searchv has taken over my IE and Google is replaced at every restart. Any suggestions?...more >>

Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info My question is not mentioned below. How do I get an answer immediately, with no waiting? http:...more >>

Hi y'll I need assisatnce regarding abt Internet Explorer 5.0. I recently had a virus on my laptop, though i deleted it, some of the effects of the virus still inside the system. What the virus program did was to change my internet settings (my home page settings become something else) t...more >>

hi, i need some help on how to configure ISA Server. there are many options in ISA Server, its very confusing and i dont want to take chances doing minor mistakes. can somebody help me Configure ISA Server Perfectly without missing a single important Option, how can i configure my IIS web...more >>

When starting Internet Explore version 6.0, adult pop up ads continually invade our computer. It even changes our favorite searchs to porn sights. I changed my childs home page to msn.kidz and the porn pop up ads still show up. We subscribe to Norton Anti virus and ran all the MSN updates ...more >>

We are upgrading our webserver to Win2003 Server with IIS6.0 We use CGI executables for some of our SOAP services and I ran into troubles. Reading "Configuring CGI Applications" helped a little but I still get some errors. 1) When I access my CGI Executable, Windows asks for a username/passwor...more >>

Do I need to reapply service packs/IIS Lockdown if I add components such as FTP/SMTP to a web server? I aready have W2k SP4 and the IIS lockdown tool installed. I saw a FAQ regarding the service pack, however, I am unsure about the lockdown tool. Thanks, Justin Craddock...more >>

Hi, I have a web site with a virtual folder named 'reports' which has lot of dynamically generated PDF files. In the application, depending on the previlages of the loggedin user, the related PDF files will be listed in the page. But if the user types the URL of the PDF file 'http://xyz/reports/...more >>

I cannot seem to get rid of this virus. Last night I scanned and Norton found 95 infected files, and deleted all of them except for cmd32.exe. I've tried going into my Registry and deleting the infected files manually, going into Safe Mode and doing a full system scan, but nothing seems to...more >>

I've configured my Default Web Site to use SSL with Basic Authentication. For some reasons, after a computer restart the Integrated Windows Authentication is enabled. How should I configure the IIS not to get the IWAuthentication enabled after a cumputer restart? Thanks, Costel costeln@hotmail...more >>

How can I tell if a message delivered to my email is authentic? Today I have two - one from Program Security Division and one from tealw294SN@microsoft.com. I have been deleting messages because I don't know who I can trust. Monica...more >>

Hi I have an ASP application & COM+ Application that are using Integrated Authenticataion and a Trusted Connection to SQL Server. The connection string is: PROVIDER=SQLOLEDB;Integrated Security=SSPI;UID=;PWD=;DATA SOURCE=localhost;DATABASE=my_database The problem is that whenever I conne...more >>

Hello, I'm trying to configure client authentication in IIS 5.0. I have installed server certificate and I have done actions shown in Microsoft Knowledge Base to configure it but I receive next message error: HTTP 403.16 - Forbidden: Client certificate untrusted or invalid I h...more >>

Hi: I have a windows 2000 Professional machine with IIS 5.0. I want a ordinary user to administer IIS 5.0.. LIke create a web site and stuff like that... what previlages does an ordinary user need to administer IIS. Is it possible to do this or only an administrator can do this. ...more >>

Microsoft Client this is the latest version of security update, the "October 2003, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to protect your computer. This update includes the functio...more >>

I am having problems when i am connected to the internet. Whilst viewing web pages, my modem disconnects and then i am asked to reconnect, but as i try to do so i can already hear my modem reconnecting, but i dont know with which program. If i do click on reconnect i am told my modem is ...more >>

hi, i have developed a web application in Centura(Gupta Sql). i have hosted it on IIS. it was working fine. but once or twice a day my IIS gets disconnected automatically. what might be the problem please help me rectify this. please tell me what are the security ,measures that have to b...more >>

Well, some guy used webdav to change all the security settings on a brand new 2003 server install. he created an admin account and disbabled access from the network for others. I turned off anon access for ftp, which I can keep that way, and www, which I want anon access for eventuall...more >>

Do I need to download the patches? I have updated all the patches, but when I tried to download the last few, it will not load correctly. The only way was to keep clicking ok when it popped up, and this corrupted my software....more >>

Every day I receive 20 to 30 e-mails containing this virus. Norton catches every one and I Quarenteen them and delete them I am new at this and I have no address book or anything saved in my Outlook Express. These are the only e- mails I receive is there any way I can track the sender or st...more >>

Yesterday I downloaded the latest security from the Microsoft site and now it is automatically removing attachments such as my electronic airline ticket confirmation information. How can I fix this? Thanks, KB...more >>

I have some Access Database Tables of Public Information for High School Students and Teachers. The Web Page will not let the teacher access the data in the database. I get a 500.100 error. However I have no secuity installed of any kind, it is a public information IIS Server, there is n...more >>

Hi alltogehter, my IIS on Windows 2000 Server is reachable by Ports 80 and 25 and 110 and 21 for external access. Since some weeks in INETPUB\WWWROOT there are files and folders, Hackers uploaded there. These files sometimes reach several gigabytes in size. When trying to delete them: The...more >>

Hi all, I am using IIS5.1. I have used the lockdown tool and URL Scan 2.5. For some reason I can't the the FrontPage counter to show on my local host. My urlscan.ini file has been edited like so: [AllowExtensions] ..asp ..cer ..cdx ..asa ..htm ..html ..txt ..jpg ..jpeg ..gif ...more >>

I am running with a strange problem. My IIS 5.1 server does not start. All the services are running properly, no error message are shown. when I try to access http://localhost i receive page can not find, though IIS is running fine. The only thing was, i installed windows media player 9...more >>

I am trying to locally access "http://localhost../" any web page of a various web sites I have under IIS 5.1 with Netscape Nav 7.0. Every time the file is accessed, I receive a 401.3 error which indicates that an access control list is preventing access to this file. I can not see any permissio...more >>

HAS ANYBODY OUT THERE COME ACROSS THIS IN THERE ADD/REMOVE PROGRAMS? I DIDN'T KNOW IT WAS THERE UNTIL MY SPY REMOVER LOCATED IT..IT'S CALLED - C-DILLA MANAGEMENT SYSTEM - IT SAYS IT'S A HIGH THREAT, BUT IF YOU REMOVE IT SOME PROGRAMS WILL STOP WORKING..IT ALSO SAYS THAT IT WON'T ALLOW SOME...more >>

Alright, here is the scenario. AD forest with 1 root domain and 1 child domain currently. We have our intranet web server running on IIS/Content Management Server in one of the child domains at the headquarter here. We are proceeding to upgrade the regional networks from NT4.0 domain which are...more >>

I've posted to the Excel newsgroup, using a temporary e- mail address. This generates spam, but I can live with it. I inadvertantly used my "real" e-mail address on a post. Can I delete the post, so hopefully the spammers won't get that address?...more >>

Okay, I was reading a friend's AIM profile and it had a website on it. He's in a band so I thought it could be his band webpage so I clicked on it and it's porn! It's set itself to the homepage, and I've gone on the Internet Explorer properties several times to change it back to the defaul...more >>

The homepage gets automatically switched to one website constantly. I change it back to my regular homepage and then it just switches. Please help me. What can I do?...more >>

Windows automatic update pop up keeps having me install security update XP 815021. The process goes through but is listed as failed. I will get the same pop up the next day. How do I stop this without turning the atomatic update off..Dan...more >>

All, If anyone has been following my trials over the last week see(Setting up a Web Application on IIS 5.1 and ASP.Net Security Problems). I'm having a problem running a Asp.Net Web Application. I've finally narrowed the problem down to a security issue: The ASPNET (aspnet_wp) account cann...more >>

HoW can I clos my open ports when I conecet to Internet?...more >>

how can I stop getting emails from microsoft that have virus attachments? where do thay come from?...more >>

How do I find out who is sending me links to Porn Sites and how do I stop it? I have Outlook Express and I have gone to block sender but they keep making up new e-mail addresses....more >>

How do I stop pop-ups from ocurring. They even happen if I don't have a browser open....more >>

Can anyone tell me why the Microsoft game Spider and IIS should be trying to connect to the internet. My firewall lets me know when these programs try to connect. Is this Microsft being sneaky and subversive (again)....more >>

hi, i have windows xp, all critical updates completed and symnatec pro security and i am constanly recieving pop ups, in the middle of word or excel etc. titled windows messenger, your system needs ip security come to this site or other, how do i stop this and how can it infiltrate my secu...more >>

I'm running MS 2000 server with SP4 and all the patches applied alonf with IIS Lockdown and urlscan installed. My problem relates to ASP. I have allowed ASP in urlscan and allowed it when running IIS Lockdown. The problem I am having is with the IUSER account I can't run my ASP script on ...more >>

Hello, I am trying to find a way to create and install my own certificate with win2k server (domain controler). I have been doing a lot of reading, but still cannot find a good step by step article on how to acheive this. I will appreciate any help! I need to use SSL for a website for tes...more >>

I HAVE A BE SAFE ON LINE FILTER FOR MY KIDS THAT FILTERS OUT PORNAGRAPHY AND THEN SOME. IS THERE ANYWAY I CAN BYPASS THIS FILTER WITHOUT DELETING IT ? IF ANYONE CAN HELP I THANK YOU....more >>

Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info My question is not mentioned below. How do I get an answer immediately, with no waiting? http:...more >>

All, I'm having a problem running a Web Application (using vb.net), I receive a Parser Error Message: Could not load type 'WebApplication1.Global', when ever I attempt to start the Web Application. I've been able to narrow it down to a security problem because when I moved the Web Applicati...more >>

Hi Guys, I am trying to set up SSL on our web server and having a bit of a problem. Here's what I've done: 1. Cert request from IIS to an internal cert server. 2. Installed cert. 3. Tried a https request without ticking "require SSL" and it works perfectly. 4. Ticked "require SSL" and get ...more >>

I issued a certificate from a windows 2000 machine used for an SSL web site on a different machine. From a client running IE6 I get the warning that my CA isn't trusted. In the past, I could click the button on the warning to View the Certificate. From there I could click the button to install...more >>

I have installed a Thawte server certificate on my IIS 5.5 web server for my site (www.mydomain.com) . I have a folder structure below that is where I want my SSL to be applied. I clicked on Properties of that folder and went to the Directory Security tab, pressed the "edit" button under secur...more >>

I'm tasked with migrating an iPlanet (Sun One) Web Server to IIS 6.0. We're running a Server 2003 Native mode Active directory, IIS 6.0 is running on Server 2003 Standard, a members server of the 2003 domain. One of the features I most liked of the iPlanet product was the ability to secur...more >>

All, Could someone please point me to a step by step resource on setting up a ..net Web Application on IIS. I'm having a problem setting up IIS to except a new Web Application. I'm deploying the default Asp.net Web Application as is setup by VStudio with no code changed, other then adding "...more >>

I have a class written to perform FORM POST with Client Certificate and it works fine with Windows Appication. But, I am having trouble using it from ASP.NET application and everytime i am getting "connection cannot be established" error. Any help? Aung Here is the code of my FOR POST ...more >>

Ever since I used this Microsoft Newsgroup to ask a question three days ago, I have been getting 30 plus bogus microsoft e-mail security alerts and just as many undeliverable e-mail notices on e-mails I never sent. How do I stop this?...more >>

I have been trying for hours to get a hold of a person at MSN CHAT or Microsoft I have a serious problem, Someone has got into my MSN and changed my User and password ...they have posted a new users name that is very offinsive. I can not change it nor get a hold of anyone to get this off....more >>

I received the following email from a friend and I want to know if anyone has any info on it. I want to know if I should take it seriously and follow the instructions, if it is a hoax and I should ignore it, or if by following the instructions could I do damage to my computer? If anyone ...more >>

Hi HG, Does anybody know - Can I run IIS Lockdown 2.1 and URL Scan on a Windows Server 2003? Regards Roger ...more >>

I know this may sound like a noob question, but it isnt. Other parties have used my computer and messed some things up. the biggest thing that i cant stand right now is that my home page has been changed. I have tried to change it but there is no general tab to select and change the home...more >>

I keep getting windows screens that pop up and say Messenger Service on them. They have adds on them but they are not regular pop up windows. They pop up even when the explorer is not open. How do I stop them....more >>

All, I have a question about the Max Referer length. By default this is 256 I am not fully sure I understand this property. It this a header that is sent back to the Server by a client and is it part of the URL. While testing our Secure IIS I ahd the error come up I increased the value to...more >>

Hi We recently created a Versisign certificate on one of our test machines which works ok. We wished to roll this certificate out to our other machines to authenticate us for SSL communications. We exported the key as a .pfx and imported the certificate into one of our other servers and told ...more >>

Hi there, I have an SSL-enabled mail server at https://webmail.mycompany.com/exchange. Works great. When I follow the directions at http://support.microsoft.com/default.aspx?scid=kb;en-us;279681 for automatically redirecting users who type http: instead of https:, if I try to test it out, I ...more >>

Can't sign-in. This is what I found: Your Web browser options are currently set to disable cookies. To use .NET Passport, you must enable cookies. ..NET Passport stores cookies (small text files) on your computer that let you sign in to .NET Passport participating sites. For informati...more >>

Hi hope someone can help out on this one, we have a win2003 server running IIS 6.0 in Worker Process Isolation mode. We are trying to set up multiple web sites on the one host and use Host Headers to redirect clients. Anonymous login has been unchecked and we have integrated windows authentic...more >>

How do I disable pop ups on internet explorer?...more >>

I do have arestriction on my computer that I do not know how to remove it. I am trying to change the home page in my tools but the coputer doesnt let me do it. thanks...more >>

I used MBSA on IIS 5 web Internet server and I've got the report that MS03-040 is not installed. I never use IE for Internet browsing on this server. Do I still need to install it? Notes: Reply to newsgroup please. Thank you, Chris P....more >>

Hi to all and sorry for the crosspost to Win2k newgroup, but i found this group after i havd already posted this there.... So, i have the following problem: I made a web server (Win2k), set Server Extensions and apply the Lock Down tool. I have declared that i want Windows Authentication po...more >>

We have Integrated Windows Authentication enabled on IIS for our Intranet, and its host name is set to http://intranet/ (made the host name without dots to avoid the pop-up dialog box for credentials). It works great for Windows IE - users can log in to the site seamlessly. However, IE on M...more >>

Hello, I would like to have a link on a web page that will install our own Root CA certificate for whatever browser is being used. MS has the pages to do it, but I'm told it's complicated to create this link on a new customized page. Can any one help? Thanks in advance, Matt ...more >>

Hi, I'm encountering a strange problem here. We build an intranet application with ASP.NET on IIS 6.0 and mostly IE 6.0. The application that's causing the problem needs authentication (anonymous access disabled). Intergrated Windows authentication is enabled to use sigle sign on. Two...more >>

I am getting massive amounts of bulk email from what appears to be from Microsoft Updates, but the attachment has the W32.Swen.A@mm virus. What can be done to resolve this problem? Regards Mike ...more >>

I have web application written in ASP that uses COM+ objects written in Delphi. In IIS, I have set the Application Protection to Low. When i call a function of the DLL that returns recordset, It gives "Permission denied" error. If the functions return value is string or Integer, it work...more >>

Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info My question is not mentioned below. How do I get an answer immediately, with no waiting? http:...more >>

can I open an item that has been blocked. If yes, how do Ido this?...more >>