We are providing hosting for our members on an IIS6/W2k3 standard server, we are now considering offering scripting support but I seem to run in to numerous security issues with this. The problem here is that each member does not have it's own virtual dir, we already have thousands of members ...more >>

Latley I have noticed that my compter has been downloading files without me initiating anything. The icoHow can I tell what my computer is downloading ? How can I stop it from downloading files ? I use the Windows XP operating system....more >>

An intrustion test vendor has suggested disabling SSL v2 on my IIS 6.0 server. I found the following article but I don't know if it's applicable to IIS 6.0. It mentions IIS 3.0 thru to 5.1 but the reason it doesn't say IIS6 may be because it was written in early March. Can anyone help with thi...more >>

I want to renew my certificate but with another certificate authority. When I run the wizard it automatically plugs in the current CA information. I'm not ready to delete the current certificate, until I get a certificate request created and submited to the CA. How can I do this?...more >>

Hi, I activated ISS security with basic authentication. When I click the url, it prompted me with username/password. That one works fine. How to put some information/message in login box so my user knows that they need to type domain/username in it ? eg : Site : "servername" Realm "...more >>

Hi, I have created a folder on my website which has basic authentication. The website uses asp. The only problem is in my secured folder, it only accepts the username/password if you want to use html. If you try and access an asp page it says the username/password does not work. ???? ...more >>

i got a web site like www.compagny.com who work very well and i apply the SSL encryption. Now when i type www.compagny.com and cannot access the page because i have to put a https: before my adress. What i have to do to redirect my http:\\www.company.com to https\\www.company.com. than ...more >>

I'm having a problem authenticating through IIS 6 and I cannot figure out what the problem is. I have created a user group called OfficeAdmins, all members of this group should have access to the admin folder I placed on the server. I removed the IUSR permissions on this folder and added ...more >>

Hi, I want to merge a word document in the server to display in the client side.The merge code is in a dll.In the asp server script, I invoke the dll to merge.It raise an error when I use the default IIS user.When I change the IIS user to administrator,It work well. I don't know how I shoul...more >>

Hi I have a .NET application hosted on IIs 6.0. I am using an other machine (again a windows 2003) as a file server. Whenever I try to upload a file to my fileserver through browser, it asks for an authentication. This authentication is for the localhost. I have tried to solve this problem by crea...more >>

hello, company for which I'm working, is using IIS5.0 and certificate authority for webpages that supports our customers, yesterday I tried to create cert via intranet and something goes wrong, after attemp to contact cert authority any computer says that there is unexpected problem with CA server, ...more >>

I have problem with ASP.NET files on a NAS Appliance (W2K) using UNC, through a W2K3 PDC IIS6, while working fine when the virtual dir is located on the W2K3 (Standard) Server itself. The aspx files on the NAS generate the following error; Access to the path "C:\WINDOWS\Microsoft.NET\Fra...more >>

I have a web app running on IIS 5.0. I was curious how much it is getting utilized. Some investigating and I notice log files c:\winnt\system32\LogFiles\W3SVC1 with lots of information. Are there any tools to help figure out how many hits (running an analysis on these log files perhaps) a web...more >>

Hi, I was tryying to add a new "Extension to the Application Mappings for a Virtual Directory"; I was able to go to the "Add/Edit Application Extension Mapping" dialog. However, the "OK button" always grayed out. I couldn't seem to add it. I was able to add it before, this issue started to...more >>

Does anyone know if https sites are cached? Thanks, Brook...more >>

Dear IIS Community, I am configuring an ISA server with RSA SecurID authentication using the instructions titled 'Using the Web Filter for authenticaton for RSA Security'. And one of the steps is to "...import the domain secret to the IIs server...". Where in IIS do you import the d...more >>

Running: IIS 6.0 on Windows 2000 server. Whenever I attempt to download an exe off of my server, I receive the following error: Internet Explorer cannot download <insert file name> from <insert website name>. Internet Explorer was not able to open this Internet site. The requested site ...more >>

Hello All... I am the network technician at a school and we cannot view pdf files. We receive a Microsoft Internet explorer error. the error appears only when it is pdf file that is being downloaded. I have placed a .bmp file in the same same folder with same permissions and setup a hyper...more >>

Someone has hacked my email after blocking the sender for a few times. I live alone, and no one knows my password. I don't know how that happened. After blocking out their emails, this person hacked my email, and started to use my old email to send messages to my new email ! This person se...more >>

Problem : I cannot get into secure web sites.. I have worked with several forum groups and technical assistances and have tryed several things but after 4 days I still cannot get into sites where I have to have a userid and password. I cannot download from windows live update," it says wi...more >>

i'm using winxp iis 5 and i have create a certificate using iis then from mmc i copy that certificate to my desktop after that from the iis pending request i browse that certificate(copy desktop).when i try to access the page with https the following error occur I have read all the KB articles...more >>

Can someone point me in the right direction regarding requiring client certificates. I need to know if requiring client side certificates is it possible to specify the acceptable client certificates and deny any others, if so how do you configure them on the server & client. What is the...more >>

Hey All, I have been beating my head over this one for a long time. It has to do with setting up a WebDAV folder in IIS and setting permissions on that folder to two accounts - one with read access and the other with full. From all the documentation, this should be a simple task. WebDAV is ...more >>

Hello, I've installed an SSL certificate I created on an IIS 5.0 server. Whenever our client use the website, they are asked to accept our SSL certificate even after they install it. Is there a way to prevent the users from getting prompted to install our certificate over and over again? Thank...more >>

We have an IIS site with a SSL cert installed. We are setting up a new extra URL and a new cert to access this site and needed SSL for it. Can we configure IIS to accept 2 certs for the same site? so you will be getting SSL no matter which URL you use to get to the site. Thanks -jas ...more >>

I need to be able to control the content of the site by which user logs in. Say have an extra link on the admin group account for admin changes to the site. Any help is appreciated....more >>

Hi 1st time here, so excuse my ignorance and if this thread has been discussed. Is it possible, within IIS5, to configure the ftp server to tear down the connection after a 'configurable' number of failed auth attempts with a bad id / passwd? tx in advanced...more >>

Does anyone know where exactly in a Win2K IIS 5.0 Server you would define the cipher type allowed in an ssl session. I sumise that it is a registry tweak and would appreciate any info on this topic Regards, Danny Schelberg CCNA, MCSE, MCP + I Network Engineer Procurestaff Volt I...more >>

I have generated a certificate using Certificate Server. Everything is working, except I get "The name of the certificate is invalid or does not match the name of the site." I have re-generated the certificate several ways according to article 813618 and 232161. I am trying to use an ip address inst...more >>

I am running a pure SSL website using forms authentication with encrypted authentication cookies. I can tell ASP.NET to issue the authentication cookie with .Secure=true so that the browser only submits the cookie over an SSL connection. However, the server does respond to http requests ...more >>

We've had some security consultants go over our website looking for vulnerabilities, and they've found a binary file exposure problem, but I can't reproduce it - has anyone seen something like this? My website runs on SSL and uses forms-based authentication. IIS lockdown and URLScan 2.5 ...more >>

Our office currently has a server connected to the Internet that allows our employees and clients to access it via HTTP, HTTPS, FTP and email. We put it behind a linksys router and passed the appropriates ports directly to that machine while blocking all other ports. However, we're moving ...more >>

I am unable to connect to secure web pages (e.g. logging in to hotmail)with internet explorer 6. I have gone through the security settings - but no luck... Please Help! ...more >>

Hi, Can you tell me how IIS and Sharepoint communicate about authenticated users??? Regards, Sweta...more >>

Hi My ASP based website relies heavily on an MS Access database to display it's content. The database is outside the root directory of my site, so it cannot be accessed via the web, and a System DSN has been set up on the server. This worked fine, until the security of my database became an issu...more >>

With Internet Explorer 6.0 I keep getting "page cannot be displayed" error on secure sights. I have a Dell brand computer and they have not been able to solve this problem. Please help. Thank You! Mistie6802@yahoo.com...more >>

My website got hack and I want to know how can I replace my index.asp, index.html, default.html and default.asp. Everything else is okay but they seem to have replace these 4 files, how can I replace these files if my original ones have been replaced. Thanks ...more >>

Hi, Is there a simple howto on getting a Win2K client, logged on to Active Directory (AD) domain, get a file from IIS server (running on AD server) with Kerberos authentication ..? -- IIS server is running on the Active Directory server (win2k domain server). Win2k Server, SP2 IIS 5.0 --...more >>

I have a very small website, 1 page right now, it is for internal use only. I have anonymous access disabled and windows authentication enabled. When any user, even the web server itself, uses IE to connect to this site, I get a box requesting my usename, password and domain. All machines in ...more >>

I recently followed the article below as an added IIS lockdown step. Removing cmd.exe for some reaseon does not work since it keeps getting restored by what I sumise to be windows file protection. Does anyone know what else I can do to insure cmd.exe does not return to the default path eve...more >>

upon downloading critical security updates, KB828035 will download but quits at install. After several attempts to complete install without success Im baffled. Any help???...more >>

I have setup IIS 5.1 in my Win XP Pro, after setup i can't view or display the .asp page but it's work for .htm page. how can i solve this problem?...more >>

I have tried to follow the instructions that I carried out for Win2k now I cannot get my website to work on a server 2003 Domain Controller. Is there better instructions out there than the MS instructions which are all out of date? Also, there is not Local Security Policy in the Admin tools,...more >>

I have an ASP .NET Application running on a windows server 2003 system. Configured IIS to use integrated windows authentication. As an admin of the system, I do not have a problem accessing the web site hosted on this system. But other users in the domain get a 401.3 Unauthorized due to ACL on r...more >>

OK......!! I have got this working before but now it just seems it does not want to work!! I have a web server running IIS 6 on Windows 2003 Enterprise edition It has 4 network cards and should run 1 web site per network card as each site needs it's own SSL cert I have removed the use all una...more >>

I set up a virtual directory within the default web site. Clicked this virtual directory and went to properties- >Directory Security->Edit Enable anonymouse access->ensure enable anonymous access is checked and using iusr_machine with correct passwd. But when I try to access this virtual ...more >>

Each time a restart my computer and use internet explorer the default page changes and the list of recently viewed pages turns into porn site. Is this common and what is the solution. Thanks...more >>

I have only IPSec installed, no firewall or anti-virus. Is that secure for a web server? Isabella ...more >>

Hi All, I have setup IIS to require a SSL connection to access my website. However, when i try to connect Internet Explorer says that the page cannot be displayed. If i then try to access the site without the https, i am told that i cannot access it because its requires SSL. Additionally...more >>

I am getting an access error ( HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials. Internet Information Services (IIS)) when trying to access the default web site on a Win2003 Server that is in a domain using anymous access. This occurs if I disable the Integrated Win...more >>

hi i am getting the following message on my web browser. can someone tell me what and why this is happening. and what is the solution or remedy for it? The page must be viewed over a secure channel The page you are trying to access is secured with Secure Sockets Layer (SSL). ---------...more >>

Hi.. How do you configure your website so that it forces clients to have a certificate before allowing access? Andrew ...more >>

Dear All, I am currently using Windows 2000 SP 4 with IIS 5.0. I found that IIS 5.0 can't handle multiple request at the same time=20 with the same Web site(Application), here is the code for testing: -----------------------Begin-------------------- <% response.write "Start Time : " & now(...more >>

I've setup a Windows 2003 Standard Server as PDC with IIS and a NAS (Dell PV 725) with Windows Powered 2000 Server. A simple website (IUSR read-only, client R/W) with a password protected directory for the website statistics (no IUSR, client read-only). This situation hosted locally on the W...more >>

In a conversation recently, one of my co-workers was arguing that it was acceptable to set up the IIS anonymous account as a domain user that is a domain admin. I argued against this point, noting that if someone were to be able to "hack" thru a web page, they would have full control over not...more >>

I run Win2k Adv. Server (with IIS4/5?). I set up a website on it. Each time when I'm opening the site from another machine it always asks me to login with my Windows username and password. Please anyone help to tell me what's going wrong in my IIS settings? Thanks....more >>