Is there any way, I can create a windows security group and then delegate to manage the IIS admin without giving the complete server administration right? I am aware that, the IIS oprator group is unable to create virtual directory i.e. by design. I want the security group members shoul...more >>

I am trying to execute a python script on IIS 6 as follows: Anonymous access http://cvstest/viewcvs and http://cvstest/viewcvs/viewcvs.cgi Both of the above work. I have made viewcvs.cgi a default page for the directory. Authenticated access: Removed anonymous access, added ACL for user gr...more >>

IUSR_Computername gives users anonymous access to the web site. What gives IIS or the IIS service or ASP pages on the web server the access to say FoxPro or Access data on another server (files are not SQL Server so not interested in how SQL does it) Thanks Dermott...more >>

Hello all, I am getting very strange log entries on one of my web servers they look like this Get, /Default.ida,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Does anyone know what could be causing this. IS it a virus or a sign of intrusion? Tha...more >>

Hello, I've set up a OWA (front end) on our DMZ. The recommended template for OWA is used on URLScan. The problem is that it blocks URLs containing "&" and ".." signs. This is very disturbing for our users because many emails contains .. and "&" and ".." signs in subject line. Is there a...more >>

I have an issue with "HTTP Trace Support" being enabled. I have found documents that state "Use URL Scan" to fix the problem. I do not want to use URL Scan due to the fact that it caused more problems then it fixed. I keep running into the refrence of "RFC 2516" regarding "HTTP Trace Suppo...more >>

I have just install URLSCAN in my win2k server. I have used the frontpage website search component in my website. This component uses the indexing service. When I tried to access the page http://testsvr/myweb/v4static/searchlt.idq I get this error msg: HTTP 401.3 - Access denied by ACL on r...more >>

Please!!!! Can some one help me stop these pornographic pop-ups from plastering my screen 4, 6, 8, or more at a time? I have young children and there is no excuse for them to have to see these uncontrolable pictures that just come up out of no where. One picture is bad enough, but I can...more >>

Hello, I have several clients of two web based systems who are being prompted with a popup for their name and password for a website. This is fine since it was configured in this way. The problem is that they (and on some machines myself) put in the proper credentials Username - Password - D...more >>

HI I am trying to generate a CSR for a server to be hosted in Gibraltar. If I try to generate a certificate signing request using IIS5, I find that in the field for specifying the Country/Area code there is no entry for Gibraltar (GI). It is only possible to add a area code from this list. ...more >>

Please help me to get SSL to work on a standalone PC (Non Domain). I created a web page using CGI that does file upload. I wanted to make this secure so that names and passwords are not sent in the clear. I installed Certificate server locally on the box. I went into IIS and said use ...more >>

I am trying to have users use their standard windows login information to login to a website. However, For certain members I get a 401.1 error page. It seems to be linked to the user because it happens because of the user logged on to the computer. As in, if I put in an administrative usernam...more >>

I have used IIS for years and am in the process of moving my websites to IIS 6.0 (new servers, not upgrades). I would like to lock down the security, but I don't want to lock it down so much that the system can no longer process the files. I also see that Windows Server 2003 & IIS 6.0 ad...more >>

Microsoft Customer this is the latest version of security update, the "July 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting Internet Explorer, Outlook and Outlook Express as well as five newly=20 discovered vulnerabilities. Install now to pr...more >>

Hi There, How can I hack the security in the office and try and access the sites which we are denied access into?? Ajitesh...more >>

*******GREETINGS************** We are writing to tell you about the problems of "Abuse" with their Message Service> I didn't mind before or when I first started recieve these messages because I didn't know what it was. I didn't know what popup message was.. but gave me message of: Your comp...more >>

Hello, This is a quick heads-up to let you know that there have been 'sightings' of a new worm which seeks to exploit the latest vulnerability in all versions of Windows. More details here : http://grc.com/default.htm http://vil.nai.com/vil/content/v_100516.htm Patch available here : ...more >>

I have install the certificate on my certificate server and enabled the ssl port. Now when i access my webpages, the browser gives me warning that the CA is not the one trusted by my browser Yes or No if I would like to go ahead. What can i do to suppress this message from coming up on ...more >>

Hi, I have two web sites (site A and Site B) on the same IIS server. Site B is set with 'Basic Authentication' mode. Site A doesnt have basic authentication enable. From site A I programmatically get the user name and password to validate the user and redirect the user to Site B. Her...more >>

Hello. I installed a local CA on my web site using the Microsoft ca server. This is a stand alone box. I then had it apply the ca certificate from the local server. I can view the certificate. The problem is if I enable require ssl then try to https: the web page i get page can't be v...more >>

Hey everyone, Thanks for all your support but, I did what some of you told me and edited my urlscn.ini and IIS still loges the rejected requests, it dosn't log like the whole string but it does still log them, Is there anyway to make it so IIS will not log any rejected requests that urlSCa...more >>

Hello I am an ASP developer working on NT 4.0 platform with IIS 4.0 server. I am trying to do security from the brower by calling the "GetTokenInformation" to get the NT authentication token to ensure that the user has logged in. My question is is this possible through scripting (javas...more >>

We have just installed Windows 2000 Server and IIS 5.0 for a new web server. I noticed in checking for security patches that there are two for IIS that are called "cumulative", Q301625 from MS01-044, and Q811114, from MS03-018. Do I need to install the earlier one first, or does the one ...more >>

Does anyone know how to programmtically ban IPs within IIS 5.0 and W2k? I have a process that parsers my IIS logs looking for malicious activity. I want to be able to programmtically add the IP address of the malicious requestor to the denied/blocked list. Thanks......more >>

I have a user that is using a program called Cinderella to generate java pages. The server that we use is IIS 6 with FPSE. This is the error message that I receive when I look at the java console: java.io.FileNotFoundException: http://www.optics.arizona.edu/jcwyant/Geometry/Optics.cdy jav...more >>

I have a bunch of IPs that are denied access to my server. For the most part it works but..... there are one or two IPs that are still able to have access to my system. I've double checked the logs and then reentered them in the denied list but they still are being allowed access. This is a win...more >>

I have asked a query to this group some time back. With the help of this group I am able to solve the problem partially. can any one help me in solving this problem. My Question & Steps taken is given below. My Question was---------------I am hosting a intranet server on a windows 2000 se...more >>

I have a Web Application(written using Visual Interdev) installed on Windows 2000 Advanced Server. The application is set up to use Integrated Windows Authentication ONLY, and I'm also accesing a SQL Server Database installed in the same computer. I have an entry(MYWEBAPP) on the DSN SERVER poin...more >>

Dear All, Our application need to modify the "remote_user" in an ISAPI filter/Extension for IIS. Our findings are: 1. IIS doesn't allow any modification on the "remote_user" field directly. 2. We learned from newsgroup discussions that by setting HTTP_AUTHORIZATION header ...more >>

I've been tasked with the job of migrating an iPlanet Web Server to IIS 6.0. I wrote nearly all of the CGI on the server so I've got a pretty good handle on what its trying to do. There are several scripts that provide web- based utilities, to read directories, set permissions, etc. within...more >>

need help!! while online someone accessed by computer and changed the settings. They activated the content advisor and added a password, I can only get on the net via netscape and I am seeking a fix for my Internet explorer...more >>

Hi Everybody, I administrator a intranet web site. I found that there are IE 6 (on Windows 98 or 2000) that sending out extra requests for default home page. These extra requests are transparent to the users, but seen on the IIS log. e.g. 14:41:31 xxx.20.135.181 - GET /queries/loginDlog.cfm ...more >>

I've got two IIS servers. One public and one staging. On the public server the ASP code works fine however on the staging server I've started getting this error recently: error '8002801d' Library not registered. /default.asp, line 4 There is nothing in the code to indicate what the ...more >>

I'm running IIS5 on Win2000 server, and I'm attempting to internally restrict access to a particular intranet site using internal domain names. I've set the IP Address Restrictions to "Deny Access" and populated the list with domain names that I want to access the site, but all my users (...more >>

Is it possible, via some registry key or something, to give IIS a range of assignable ports when the FTP client sets the FTP session to be passive. I'd setting up some stateless packet filters for a server and would prefer to not allow incoming connections from the entire unassigned port ...more >>

Is there a way to configure ASP.NET with IIS on one server and SQL on another server, using Integrated Windows Authentication, without using Impersonation, and not embedding any passwords in config files or anywhere else on the systems? It runs out of the box this way with IIS and SQL on ...more >>

When I try to log in to access my Comcast email, I get an IE Security Information box that says "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?" I then have to log in manually each time, because automatic signin seems to have got disabled at...more >>

how to disable port 135 please... step by step guidance? thank you....more >>

Hi all: I wanted to disclose my internal IP address. I cant find article Q218180 any help for me. How do I do it if I have the following scenario. I have changed and renamed my default Inetpub directory to E:\Proview\. Also, I have deleted the particular file needed, i.e. adminscrip...more >>

Hi all, Does anyone knows if i will be able to strengthen my internet security if i add an iis web server on top of my existing iis web server where my applications resides?? Thanks. Pls give me some url references if possible....more >>

While surfing i often am confronted with ads that monopolize the entire window with no way to close them and continue my activity. What in the world can I do to stop this. Also is there a cost free safe way to eliminate the "message alert popups that appear continuously on my screen in mul...more >>

Hello all... How do I issue/configure and install my own SSL Certificate in .Net server for use with my intranet.... Basically I use this server as a testing server for my web development projects and am developing an application that will require SSL.....so there is no reason to purchase a...more >>

how do i configure the prots on the router to allow file transfer on icq? the user on the other side is not in a network. ...more >>

Is there a way to configure IIS 6 to first try Integrated Authentication via Kerberos only and if that fails, to fall back to basic authentication? I have some applications that need Kerberos proxy and fail if NTLM is used. -- Eric Chamberlain, CISSP ...more >>

Hello there, I desperately need help here.I cannot enter to my mail, any of them(yahoo 'n hotmail).The servers continue telling me that my "cookies" are disable.I found out what cookies were, but, actually, I don't really care.I just want to know how to enable them and get into my mail!!!!...more >>

I created a new IUSR_person with a password. I have anonymous access checked & I enter the IUSR_person password. I need to have [allow IIS to control password] unchecked. But when I do, I get the login prompt on the website. Why do I get the login prompt? ...more >>

anyone know how to change your password on outlook express...more >>

My SSL stopped working and I have received the following error. The SSL server credential's certificate does not have a private key information property attached to it. This most often occurs when a certificate is backed up incorrectly and then later restored. This message can also indicat...more >>

I have a PC that has tons of junk on it from people FTP-ing into it. So = of the directories cant be deleted. How can I get ride of those directorie= s to clean up the PC. I have already disabled anonymous authentication....more >>

Can someone please explain to me why I can get every other win2k machines IIS started on my win2k network but, the primary domain controllers IIS won't! I would appreciate any feed back on this! Kenny...more >>