I have been hijacked by TDMY.COM and can not get free. Can anyone help? I have Hijackthis.exe from Spyware but I am too inexperienced to succeed. ATT.NET agent tried to help via telephone but failed. Need super computer help. Thanks Ed...more >>

I have the exact same question that Lawrence has. How can I get rid of these pop-up messenger windows when I'm not doing anything on the internet or using my e-mail? Is there a fix other than paying them to stop by buying their software?...more >>

We have the following mystery on our IIS4.0/NT server. In the key manager we see only one certificate for joeswidgets.com. However when we access SSL from a browser we see a different certificate for joes.com( all names fictitious). We are moving to a new server, and only need the joes.com ce...more >>

Excuse my ignorance, Is there any "access server only within this time frame" options for IIS. We have IIS installed for access emails remote and Im having login problems outside 9-5. All users on the server have 24/7 access rights. Help its doing my brain.........more >>

Hi- I was wondering if there is a problem taking out the URLscan directive "Don't allow multiple CGI processes to run on a single request". It filters out & (or "%26"). If perl is not installed on the server and we're not using (or planning to use) CGI would there be any risks in removin...more >>

I have a simple test that works fine on IIS 5, but I can't seem to get it to work with IIS 6.0. I just loaded Windows 2003 Web Server and haven't changed too much on the IIS 6.0 configuration. I created a simple .NET windows form application "myapp.exe" that is just a form with a couple of con...more >>

Not sure if this is the correct helpdesk but can anyone tell me how to stop pop up messages. (the "messenger service" messages)? ...more >>

As I understand there's no encryption or good security by default when using IIS FTP. I saw something about Web Folders and how to connect to a server using it, but I couldn't find information about how to activate it on IIS. Does someone have a good link concerning this issue or maybe som...more >>

We have an intranet site that I was going split into departments. I set = the security on the default.htm file to only allow one group/department = to see it and I then forced directory replication and it's still letting = anyone and everyone in. ....? --=20 Scott McDonald...more >>

Hello All, I am looking for information about securing an FTP server, specifically regarding the way passwords are sent. I have already seen information about using SSL certificates or VPNs to help with this, but I was wondering if there is another, simpler way to prevent any person with a n...more >>

Can IIS authenticate users against a database? If not, is there tools that I can do that? Does the tool keeps track of the date the user logged-on to the site? Thanks,...more >>

IIS is running but localhost can not be displayed. I got this error message in my event log: DCOM got error "Logon failure: the user has not been granted the requested logon type at this computer. " and was unable to logon .\IWAM_Computer_name in order to run the server: Any help?...more >>

just recently added 2000 server and now when trying to access secure website we get the above message. It states to look at the acl's but where in the system do we check? any help would be great......more >>

What info do the pop ups use to attack my computer? Is it the IP address and can that be changed to stop them?...more >>

Good day, I'm having a little trouble. I'm trying to turn on the Security Auditing within a webfolder. It will not let me, it comes back with a message: "The current Audit Policy does not have Auditing turned on. Ask an Administrator to use User Manager to turn on Auditing." I went ...more >>

Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info/faq.asp#top My question is not mentioned below. How do I get an answer immediately, with no wai...more >>

Hi, I am developing a web site using the following : - 2 x servers - IIS5 server running on Windows 2000 Small Business Server - NetBIOS name WWWSERVER, running as PDC - Windows 2000 Server - NetBIOS name SERVER2, running as BDC (this box holds DBF da...more >>

Running IIS 5.0 on XP I originally installed a self-signed certificate (signed via OpenSSL since Certificate Services doesn't appear to be available to pro XP.) When I tried viewing the site using https with IE running on the server itself, got a message telling me the CA wasn't truste...more >>

How do I secure my IIS 5.0 FTP site using SSL?...more >>

I have a server that has been running clean for over a year. I installed SP4 and during that install my URLSCAN.INI file was reset to 0 bytes. So all web traffic was being blocked. Took me a while to figure out it was Urlscanner doing it. Uninstall urlscan, reinstall everything is fine... Un...more >>

Not too long ago I received messages that in order to access some personal data that is maintained for me on the Internet, I needed I.E.5.0 or greater. I accept the fact that my I.E.4.0 is outdated. I have a H.P.Pavilion 4540 w/Celeron 433 MHRTZ processor 64 MB RAM 32x ...more >>

Would there be any reason that I would not want to include .dll extension in the [DenyExtensions] section of my urlscan.ini file?...more >>

I would like to make Basic authentication more secure by using SSL. I know how to implement this using the properties dialog for my web app, selecting the Directory Security tab, and under Secure Communications, checking Require secure channel (SSL). But I believe this makes the entire app...more >>

I need HELP! Non Administratives get this messsage when attempting to access a file I have created on the c: drive. Do you know how to give them rights to get to this file?...more >>

I think my box is being hacked. I've set my local security policy according to one of your mvp's and although the failed login attempts can be seen in event viewer's security tab, I cannot find the relating failed attempts in the logfiles. I could be looking for the wrong thing here, or ...more >>

I use iis v5.1. I have a major problem submitting a certificate request. I followed the instructions in the Microsoft knowledge based article 290625 religiously. After creating the certficate, i tried to submit it by visiting http://mji/certsrv where mji is the bios name of my web server....more >>

I recently tried to configure my IIS to enforce SSL connections. After following several tutorials for forming a certificate request, signing (self-signed with OpenSSL), and installing it, I get the following weird behavior: when I tried to access the website using regular http using a broswe...more >>

Hi, I keep on getting "Access denied attempting to Launch a DCOM server" EventID : 10002 error in the Event Viewer. I have Ms Cluster service installed on Windows 2000 advance server and i have total two server in the cluster. One of the web application is making a call to EXCLE.exe as...more >>

Just upgraded to XP now I receive messages concerning some e-mail stating [current security setting prohibit running active x controls on this page.] never had this with IE 5.5 what is Active X and how does it effect my system. Should I change my security settings will this create any prob...more >>

When you attempt to connect to OWA over HTTPS://, does it start encrypting immediately or does it wait until you have authenticated with your network username and password, and then encrypt everything after that? I know this seems like a dumb question, but I just want to be 100% sure that o...more >>

Can someone please help me? Have you had to deal with the frustration of receiving annoying pop-ups on your computer? These annoying pop-up messages are sent to your computer through a built in feature that Microsoft included in Windows 2000, NT, and XP. We at Message Destroyer would l...more >>

When I go into my Outlook Express, I don't want it asking me for my password all the time. So I went into tools and under mail and then properties. The box for remember password was checked and my password was typed in there. But it still asks me for my password every single time. Is...more >>

hi. i've set up a w2003 srv & iis. there are two nics in the machine; both are public interfaces and both are in use by iis. now, i would like to have basic firewall running for both interface and i activated that in routing and ras. however, the firewall only works for the first interf...more >>

When I try to Process a pending certificate, I get error "selected certificate was already installed to another server" I do not have another server, I have created request certificate like five times and same error comes out any suggestions? ...more >>

Hello again. So I was able to import my ssl cert. I then assigned it to the only website on my IIS 5.0 server, then to my application directory. I type https:// and I get nothing. It just hangs there. I went back and followed a knowledge base article on how to fix this, but it has not worked...more >>

why does it dial up an internet connection when I open any file on my computer and how do I stop it. Do I need to worry about it? Thanks ...more >>

The OS is Win XP Pro, SP-1. A port scan of the computer reveals that Port 1025 is open. netstat.exe -a shows that some service is listening on this port (TCP), but there is no option to determine what's listening. The IANA Port Numbers Assignment shows Port 1025's purpose as "network blac...more >>

Hi, everytime I type one letter in a search engine, it gives me all topics I have searched that start with that letter. Like if I type M it could say, Microsoft or milk or money.. so it records all of my topics I've searched. How do I get rid of this? At one time a friend did clear it fo...more >>

I am trying to install a certificate we received from our hosting provider. We are taking our webserver in-house and this certificate is from the server at our hosting provider. I'm not sure how I can go about installing it on IIS without first requesting a certificate. All the articles I have ...more >>

Hi, Our company has a Winnt4 network and a domain. I created an asp.net intranet application and install it on Win2000 server. I'm using IIS5 as the web server. This web application will access a MS Access 2000 database which is also installed on the same server. My web application can ...more >>

I am currently working with ASP and Visual Basic 6.0 COM objects. The ASP page will retrieve username and password and the two information will check against Windows Authentication. However, I do not know if there is a component or solution in VB. Please help. ...more >>

We are trying to come up with a way to prevent the "Security Alert" from displaying when hitting our webserver outside of the defined domain name (e.g. by IP address or other registered name(s). Currently, we have the site registered as "https://mydomain.com" but have an alternate DNS ent...more >>

Hello, On 7/13/03 my company's web site was defaced. It appears that they dropped their index.html page over ours. I was able to restore from backup. We are running an NT 4.0 box with SP6a and as far as I am aware all security patches are installed (verified with HFNETCK). The server is...more >>

Hi, We have an existing SSL site running on an IIS 5.0 running Windows 2000 server. We have another SSL site to run on the same server in a different virtual directory, however it needs to be accessed via a different domain name. I am guessing that we will need 2 certificates for this but from ...more >>

I'm trying to figure out how to configure an IIS FTP server to only accept connections from a limited number of IP Addresses. Is there a simple way to do this? I'm running Windows XP Professional and I'm not on a domain. Thanks, Mark...more >>