Hi, Does anyone know what kind of attack is this and how can be prevented? IIS servers will not be able to serve any other pages for the time when this attack is active. We use UrlScan and we have IIS 5/6 patched with latest security patches. However from IIS logs I can not see much abou...more >>

BufferShield is security software, capable of detecting and preventing attempts to execute code on the stack and the heap memory area, in order to stop the exploitation of buffer overflows. It is a very useful addition to Windows Update, minimizing the risk of unresolved security exploits, cause...more >>

I was running a search on my computer and I noticed that it saved my search on the autocomplete. I found out how to do it so that it doesn't show the autocomplete. But I want to know how to erase everything that has ever been searched so it doesn't come up any more. Thank you...more >>

When I was running a search, I noticed that it saved the thing I searched for. I found out how to turn off the autocomplete, but can someone PLEASE tell me how to clear the autocomplete list....more >>

My IIS 6 on Server 2003 worked fine for a month. Then, all of a sudden, it began prompting for a user ID and password and no id password combinations worked, including the admin. The system had not been touched for 3 days prior to this beginnning to happen. The logs show a 403.3 and 403.5...more >>

I have an IIS server that has thousands of folders and files that have been posted by a hacker. I have tried taking ownership, forcing new permissions, cutting off inheritance and am unable to move or delete the files. I ran The Checker to scan for trojans and backdoors, but it found nothi...more >>

Is there a way to permanently turn off Integrated Windows Authentication on Windows 2000 SP4 IIS 5.0? We know that you can uncheck the box for it on the Properties for that specific virtual directory under Authentication Methods, but every time the server is rebooted or if the IIS Admin Se...more >>

i have a non commercial web site on my server that i ask users to log into. they have to pass a name and a password. i want to use ssl but cannot afford to buy it every 2 year. can i make my own certificiate for my https? i understand that a user will get a message saying my cert is not fro...more >>

Hello, I have run into a problem and I wanted to run my idea by the group to receive your feedback on it. I would like to follow the best practice of putting the system, web content and log files in different drive partitions. However, I have to do this on an existing web server with ...more >>

Hi I have two W2K member servers in an Active Directory domain. One runs IIS, the other holds dbf files that are to be accessed by ASP scripts running on iis. I am getting the following error: Microsoft OLE DB Provider for ODBC Drivers error '80040e37' I have read up on KB 175801 and done wha...more >>

I currently have a manual process as a part of an install that I'm trying to automate. Is there any way to do the following to an individual FILE within a virtual directory through ADSI, WMI, or some other means (ie. Win32 API's)? a. Run Start-Programs-Administrative Tools-Internet Services M...more >>

When IIS 5 starts with the default settings, it listes on ports 80 and 443. I have the ability to modify the IP addresses and ports for non-secure communications but the settings for the Secure identities are not enabled. I have a separate web server which needs to run on port 443 using ...more >>

We are running a asp application on an IIS 5 server. Part of the application reads account and domain names of the users and stores it in a database. This works fine as long as the users are in the same domain as the IIS server. When users are in a sister domain in the same forest, the ...more >>

I have a couple of problems. One my homepage has been changed to find4u.net, I have followed microsofts instructions to get it back, I bought new antivirus software, loaded both spybot and ad-aware, i even tried to use the registry to change it, but every time I shut down and reboot it is...more >>

ok heres the deal yesterday i was Remote desktoping in to my computer when i opened a program that was using all my cpu when that happed it kicked me off Remote Desktop and i could not get back in to my computer the whole day anyways i was going to use IIS and ASP to write a aspscript to r...more >>

Hello: I have been using OWA with SSL and have been redirecting the http to https per TechNet Q279681. Everything has been working fine until the other day IE started getting a different error message which caused the redirect the break. Now I am getting "HTTP Error 403 - Forbidden"...more >>

Hello, When I want to use OWA from a Browser outside my LAN with the URL https://www.mydomain.com/exchange I get an error message "page cannot be viewed". (SSL 2.0, SSL 3.0 and TLS 1.0 is activated on the browser. I can access other sites with https.) It works doing the same from within the...more >>

Hello, When I want to use OWA from a Browser outside my LAN with the URL https://www.mydomain.com/exchange I get an error message "page cannot be viewed". (SSL 2.0, SSL 3.0 and TLS 1.0 is activated on the browser. I can access other sites with https.) It works doing the same from within the...more >>

Scenario: -------------------------- - Native W2K domain - Multiple DS and MS - IIS installed on one of the Member Servers - Main public WEB site with security set to ANONYMOUS ACCESS uses LOCAL IUSER_MachineName account of this member server. Inside Virtual Dir with security set to INTEGRATE...more >>

Failed to create 'CertificateAuthority.Request' object. I am getting this error on a Windows 2003 Certificate Server when trying to submit a certificate request. There are no invalid characters in the certificate. Thanks, Paul...more >>

Hello, I want to use Outlook WebAccess (Exchange 2003) with SSL on an IIS 6 which is running on a Windows 2003 server. I have created a certificate successfully. After I have installed this on the default website you cannot connect to the https/SSL port 443. But the IIS is listening on this p...more >>

I recieved a pop up message while I was on the internet. "Microsoft has detected that you have tracking software installed in your machine. This is not a virus, but a programin your machine that montors and transmits all your online activities and is a serious violation of your privacy. Cl...more >>

Something we've noticed with IIS 6.0 vs IIS 5.0 is that the client system shows the internal IP of the webserver, which is something we'd prefer not to broadcast. To reproduce this just use telnet to connect to a webserver on port 80 and type GET / That will show you some info as well as the inte...more >>

It is alot more secure and has a lot more support for other features. And if you didnt know apache can run on windows! Switch to Apache...more >>

I have migrated a Websphere application to XP from NT, and I am now having problems with IIS security. My app was working on NT with "NT Challenge/Response" authentication for IIS directory security but does not want to work on XP IIS 5.1 with "Integrated Windows authentication" checked. ...more >>

Anyone know if the error message below is being returned by IIS or not? All of a sudden any URL that contains a % or ' throws the error below. I encrypt some URLS which naturally have % in them. Several apps are broke due to this! 403: Access Forbidden Due to the presence of Cross Site S...more >>

Hi I am trying to access files located on different machines on my network through my IIS. Any help would be appreciated. Thanks...more >>

I use IIS 6.0, I want to use web-based login page, how can I do ?...more >>

I have the following Application Pop Up in an event log on one of our computers: Event ID: 26 "Application popup: Government Computer : Your ISP will be notified" Is this something that has popped up on the computer in question or is it something that has popped up on a computer trying to l...more >>

I'm using IIS6.0 on WIndows 2003 Web Edition. I'm trying to create a new CSR, but it won't allow me to add a comma to my Organization name. I've researched this is a problem in IIS5.0, and it recommends putting the org name in quotes. It still gives me the error in 6.0. Does anybody ha...more >>

This seems the best NG for my question so here goes. MS recommend installing SUS on a dedicated server. Does anyone know why this is ? I appreciate the web server is heavily locked down when installing SUS and can see why you wouldn't want to run other web sites on the same box. But, why woul...more >>

I am assisting our web developers in setting up IIS6 on a new 03 box and am looking for some whitepapers to best practices for securing and Intranet/Internet site. In particular I am looking for something that discusses the use of the predefined users IWAM_<server> and IUSR_<server> names in re...more >>

Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info My question is not mentioned below. How do I get an answer immediately, with no waiting? http:...more >>

Hi, I have installed IIS 6.0 on W2K3 Enterprise. I have configured the 3 sites as per the necessary requirements and the sites as well as the concerned application pools are up and running. If I run/enable the application pools using Network Service or Local Service accounts, the pool will stop upo...more >>

this pop ups just keep on comming and comming, i know there are pop ups blockers that you can buy, but before someone helped me do it by changing something in the computer some configuration.... anyone? thx ...more >>

We are currently hosting sites on a single server running Win 2000. We want to: a) Upgrade to 2003 and move the sites to this new OS b) We want to ensure that the new infrastructure has fail-over (hence if one web server fails the other keeps going) c) Does 2003 offer the same Index Server s...more >>

We're developing our own site and we are curious about how other sites are implemented. Can someone tell me how this site may have been done? Go to http://www.datek.com/ and click on the green 'Datek Log-In' button at the top of the page. I recognize that you are taken to a page protected b...more >>

Several unwanted icons have lodged themselves just under the address window on microsoft exploser 6. These are unwanted links to various internet sites. Does anyone know how to get rid of them? I have run virus detection software and they are not located as a virus....more >>

Hi, I'm trying to create the object OracleInProcServer.XOraSession in ASP and I get the folowing error: Server object error 'ASP 0178 : 80070005' Server.CreateObject Access Error The call to Server.CreateObject failed while checking permissions. Access is denied to this object. ...more >>

Hello, I have forgotten the password I used to set content advisor up. How do I reset the password in Internet explorer? Mindy ...more >>

Have just installed Windows Server 2003 (Small Business Server 2003)& transferred web to IIS 6. It works fine during the day, but access to the site is denied after business hours????? ie site does not work between 5:30pm & 7:00am Any Ideas...more >>

Is there any sort of filter or configuration that would allow me to restrict access via user-agent/browser type in IIS5 and/or 6? TIA, Jeremy ...more >>

Hello, I need to setup a password protected website for our company by using windows 2000 server (IIS 5), and also need to LOG and monitored each user's activited. Could someone help me out with this one. Thank you, ...more >>

I upgraded to WinXP last week and installed IIS. When I try to run my web app (Java Applet and lots of ASP), I get the following error logged in EventViewer: Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 534 Date: 12/15/2003 Time: 1:18:10 PM U...more >>

I finally set up a certificate on my IIS server for Outlook web access. My question is how do I set up a redirect. The old address is http://servername.ucdavis.edu/exchange, and I want them to be autoredirected to the https site. In IIS Admin, it is using a virtual folder called \\b...more >>

I have a standard install IIS server running with Windows Authentication on our Small Business Server at work (1024/512 ADSL). I'm running a small asp web site that generates pages from our sales database of around 1k per page (no graphix, just text). I'm using a PDA (HP iPAQ) and a Bluetooth ...more >>

Hi, I've many clients computers whit XP professional OS and=20 2000 professional in a Windows 2000 domain, my intranet=20 server is =E0 Windows 2000 server (IIS 5.0). Any time that a client XP try to view the home page of=20 Intranet, obtains a error message "HTTP 401.1 -=20 Unauthorized: Lo...more >>