I have a situation where I need to have the same Windows Server 2003 log in account use two different passwords. Is ths possible? For example, user name: acctrec password: mypass1 password 2: mypass2 Then user "acctrec" can log in using either "mypass1" or "mypass2" as the password. Can ...more >>

Can anyone tell me please what kind of firewall is the most effective for IIS 5.1 except the one already included (ICF). Any suggestion is much appreciated....more >>

I am working with a company that uses Server 2003. They are claiming "Unfortunately .HTA is disabled on our servers for security reasons. I'm sorry, but we will not enable it and comprimise the integrity of the server." What are they talking about? IS there security issues? My understanding was ...more >>

I'm trying to start the www service on my laptop and when the service won't start, I get an error message. Normally I only run the web service when I'm not connected to the internet but earlier today I had the web service running while connected to the internet. I've been away from the w...more >>

We have a website with Basic Authentication turned on and Allow Anonymous turned off. When we do a response.redirect in an asp page to a file on that website and we pass the username and password in the header, we get challenged for credentials with Internet Explorer. However, in Netscap...more >>

how do i stop nasty, filthy pop ups coming up. ...more >>

Our security policy requires that I remove the IWAM_ComputerName account and replace it with a new account. I have deleted the system account and modified the registry so that it is not recreated and I have created the new account. Now how do I tell IIS that this is my new IWAM account? Any help ...more >>

SOMEONE HAS REGESTERED MY E-MAIL ADDRESS(S) WITH NET PASSPORT WITHOUT MY KNOWLEDGE OR CONSENT. THEWY HAVE USED THE ABOVE E-MAIL ADDRESS TO SENT OUT THOUSANDS OF E-MAIL MESSAGES TO PEOPLE I DO NOT KNOW PROMPTING SOME KIND OF GET RICH SCHEME SENDING E-MAIL. THEY ALSO USED AN ADDITIONAL E-MAI...more >>

Hello, One of our web pages has a link to a .exe file with it. If you click on the link, you get the standard "Page Not Found" error. It probably has to do with property settings or something, but everything I've found in the newsgroups doesn't apply to our situation. Any advice would b...more >>

Hi I'm a newbie installing a server with Windows 2003 Standard, to put in a ISP to work as a webserver. Since I'm new in this I would apreciate some security advices or some links. Which is the best (securest) way to upload files to the server? FTP? Is it recomendable to use TCP/IP filt...more >>

My requirement is to get a FIPS 140 compliant SSL connection going in pocket pc 2002. The DES encryption is an approved module. My own test seems to indicate that it will not work but the schannel dll and rsaenh dll seem to support DES. However, I am unable to determine if IE will support ...more >>

Hi all I'm trying to configure Domino with IIS and am having some problems. Scenario is this… Windows 2K SP3 IIS 5.0 Domino 5.0.12 (http not running) IIS has been configured according to the Domino Admin help. I originally tried using the GET,POST verbs for niisextn.dll.dll as instruct...more >>

1. How can you test if URLSCAN is working? 2. When is a new dated log file created? It appears to be created only when the IIS server is restarted. The reason I am asking is my log file most recent date is 11172003. ...more >>

Does Pocket IE support DES encryption for SSL? I have been unabld to find a definitive answee in the knowledge base and I was hoping someone may have experiencein this area. Thanks, Scott ...more >>

I am a developer not an administrator and want to ask you guys for ideas. I need to control access to my web site via login information in a database on the server. The only way I see to do this is to use an authenication scheme that doesn't require a user login (either anonymous or ce...more >>

We have an application that creates an excel report which is stored on our web servers. When trying to retreive the reports (reportname.xls) we get an excel message saying it can not open the file. The IIS log says -200 for the get request and the Iuser_account has full access to the direc...more >>

Is there anyway to stop certain websites in IIS from serving certain file types? ...more >>

Anybody know how to remove an app which affects the address bar on Int Exp. it calls itself spidersearch.com. Really it justs keeps putting popups and addresses for xxx sites on screen. I can't find the programme to remove it and when you right click the link it won't give a delete ooption...more >>

I am using winHttprequest object to make a request to an asp page sitting on a different server. The IIS server returns a HTTP 403 error. If i request the same asp page using a browser the page is served. What security setting to i need to change to allow the request....more >>

I've setup Digest Authentication on IIS6. It is the only authentication method used and webpage can be viewed successfully. The only problem is that when I press refresh or click any link to goto next page in the same site, I always get the password pops up and I need to type in the username,...more >>

for win2k adv serv, iis5.0, running activeperl as well as asp/vbscript this my first web server but am familiar with local type file permission issues from programming for now i'm using the default IUSR_.... account for my virtual website visitors i need to write log and data files from asp a...more >>

MY SMTP server is now being used to relay spam, in the logs there is no client IP address for the bad mail and the User name is OutboundConnectionResponse ? Any ideas? SMTP has been setup to only relay and allowed access from my private IP. Checks out with sam spade as NOT an open relay....more >>

I am looking into a secure solution for FTP and was thinking along the lines of installing a SSL Certificate and have heard it is possible. Can someone point me in the right direction? Or maybe give me a better suggestion. I need to send files to customers in a secure manner. I am runnin...more >>

I have a quick question about basic authentication. The only way I've found to get a non-administrator user successfully logged into the website using basic authentication, is to allow the user "Log on Locally" rights under the domain controller security policy. Am I missing something?, this...more >>

I was checking my IIS logs this morning and I found something unusual. 3 different IP address' have been trying to access my intranet site. Here is an example from my IIS log: 22:19:00 61.175.197.178 Administrator OPTIONS / 401 22:19:00 61.175.197.178 - OPTIONS / 401 22:19:01 61.175.197.1...more >>

Does anyone know how to disable SSL 2/3 on IIS thereby forcing TLS? I realize you can do it at the client browser but it would obviously be safer and easier to do at the web server. The Microsoft link below supposedly describes how to do it but it has not worked on Win 2k, IIS 5. Any help wou...more >>

Hello! Is it possible to use a Win2000/IIS 5.x machine as a development machine for Visual Studio 2003 created ASP.NET applications? Or is it necessary to upgrade to IIS 6? Thanks!...more >>

I run IIS on XP Prof. I ran through the web certificate wizard . I recieved a response back from verisign. All steps are followed but when the final button is clicked the wizard states that the it "Failed to Install - KeySet does not exist"...more >>

Hi What are good permissions to apply to the Inepub and subdirectories and also content directories? This is just an Intranet web server. Using IIS 4. Thanks Elusive...more >>

I am trying to upload a file from one server "A" (ADSL 64k) to another server "B" (ADSL 128k) and it starts (I am using a script with ftp -s scriptname.txt) and since I have "hash" as one of the flags I can see that the file is being transfer but when the script is done server "A", the file diss...more >>

Hi everybody, I will want to redirect a user who arrives on my server to an another server. I do not want that he sees IP address of my second server. I tested the redirection in the properties of the site, but the user sees the address of the second server. Is it possible to mask the IP add...more >>

I want to disable WSH, so it can't be used in ASP scripts on my IIS 6.0 server. How can I do it? I have tried to do following: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/scrguide/sas_sbp_lhak.asp But the users can still exec binary code from ASP by using ...more >>

Are there any good articles on securing IIS 6.0 and Windows 2003 Small Business Server? Please send if available. I know that there was a lockdown tool for Windows 2000 but I don't see one for Windows 2003 IIS 6.0....more >>

I would like to eradicate an Eggdrop IRC infestation on a Windows 2000 web server. This does not appear to be the Backdoor Eggdrop that can be found with anti-virus tools. No tools have recognized this software as a virus. The windows registry appears to be clean, along with the usual s...more >>

It appears that a Hotmail account close to me has been hacked into and its security features (password, secret question) changed. Does Microsoft provide any assistance with that (i.e. track down the i.p. location of the last successful logon, etc)? Please please reply asap, to my email a...more >>

we have an on-line application which is a form to collect data from our client. For testing, I didn't set the write permission to a testing user to the web files directory, but it seems he still can write to the database. So does it mean we don't need to give write permission to the ht...more >>

Hi I have problem with DLLHOST.EXE each day. How can I kill old dllhost process automatically ? Thanks Ray ...more >>

New prob... When i SSL-enable my website with a certificate, and i make it to 'require ssl', i get the following error when connecting to https://<mysite>: [Secure Channel Required This Virtual Directory requires a browser that supports the configured encryption options.] i've tried ce...more >>

Hello, Windows 2000 SP4 Domain Controller received the following error and IIS isn't functioning properly as a result. Searched Technet and EventID.net ...came up with nothing. Reinstalled IIS and even deleted the IIS accounts, etc etc...reinstalled it again, rebooted - nothing. Here i...more >>

I've downloaded and installed IIS Lockdown 2.1. I recall in 2.0 you were able to specify the URLSCAN log file inside of the URLSCAN.ini via this command "LoggingDirectory=X:\urlscan". I did not notice this option in the newest version. Can anyone verify for me that this can be accomplished with 2...more >>

Hi all Can anyone tell me if there is a failsafe way of securing the change password facility for IIS and Exchange via the 'outlook web access' change password option over the web. I have implemented the Tech article IIS: 'Q331834 Change Password Functionality Replaced with Active Serv...more >>

Hi. Installed IIS Lockdown 2.1 on Win 2000, and after that .asp script to generate a .txt file on a safe partition (F:) fails bigtime. The .asp page does not even show up with other than 500 internal error message. Where can I ease up the IIS Lockdown tool to let .asp script writes to F: disk...more >>

Experiencing intermittent problems with SSL on IIS 4. We provide an Interactive website which runs on IIS 4 (will be upgrading in new year) using SSL. This runs fine majority of the time however several times each day requests to this website (https://) fail with Error 504, the website is still ...more >>

Setup: own CA in trusted, webserver in DMZ. Goal: getting an iis certificate for that webserver Modus Operandi: * start IIS wizard, create a CERTREQ.TXT file * on the CA, startup certreq, try to validate Result: 'No valid template found, validation denied' Anyone an idea wh...more >>

win2k adv server, iis5.0, latest perl i'm getting a permission denied denied error message when trying to open a new file for writing i'm converting an asp/vbscript to perl and trying to write to the same directories that the vbscript was able to write to in trying to figure this out have come ...more >>