Is there any way, I can create a windows security group and then delegate to manage the IIS admin without giving the complete server administration right? I am aware that, the IIS oprator group is unable to create virtual directory i.e. by design. I want the security group members shoul...more >>

I am trying to execute a python script on IIS 6 as follows: Anonymous access http://cvstest/viewcvs and http://cvstest/viewcvs/viewcvs.cgi Both of the above work. I have made viewcvs.cgi a default page for the directory. Authenticated access: Removed anonymous access, added ACL for user gr...more >>

IUSR_Computername gives users anonymous access to the web site. What gives IIS or the IIS service or ASP pages on the web server the access to say FoxPro or Access data on another server (files are not SQL Server so not interested in how SQL does it) Thanks Dermott...more >>

Hello all, I am getting very strange log entries on one of my web servers they look like this Get, /Default.ida,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Does anyone know what could be causing this. IS it a virus or a sign of intrusion? Tha...more >>

Hello, I've set up a OWA (front end) on our DMZ. The recommended template for OWA is used on URLScan. The problem is that it blocks URLs containing "&" and ".." signs. This is very disturbing for our users because many emails contains .. and "&" and ".." signs in subject line. Is there a...more >>

I have an issue with "HTTP Trace Support" being enabled. I have found documents that state "Use URL Scan" to fix the problem. I do not want to use URL Scan due to the fact that it caused more problems then it fixed. I keep running into the refrence of "RFC 2516" regarding "HTTP Trace Suppo...more >>

I have just install URLSCAN in my win2k server. I have used the frontpage website search component in my website. This component uses the indexing service. When I tried to access the page http://testsvr/myweb/v4static/searchlt.idq I get this error msg: HTTP 401.3 - Access denied by ACL on r...more >>

Please!!!! Can some one help me stop these pornographic pop-ups from plastering my screen 4, 6, 8, or more at a time? I have young children and there is no excuse for them to have to see these uncontrolable pictures that just come up out of no where. One picture is bad enough, but I can...more >>

Hello, I have several clients of two web based systems who are being prompted with a popup for their name and password for a website. This is fine since it was configured in this way. The problem is that they (and on some machines myself) put in the proper credentials Username - Password - D...more >>

HI I am trying to generate a CSR for a server to be hosted in Gibraltar. If I try to generate a certificate signing request using IIS5, I find that in the field for specifying the Country/Area code there is no entry for Gibraltar (GI). It is only possible to add a area code from this list. ...more >>

Please help me to get SSL to work on a standalone PC (Non Domain). I created a web page using CGI that does file upload. I wanted to make this secure so that names and passwords are not sent in the clear. I installed Certificate server locally on the box. I went into IIS and said use ...more >>

I am trying to have users use their standard windows login information to login to a website. However, For certain members I get a 401.1 error page. It seems to be linked to the user because it happens because of the user logged on to the computer. As in, if I put in an administrative usernam...more >>

I have used IIS for years and am in the process of moving my websites to IIS 6.0 (new servers, not upgrades). I would like to lock down the security, but I don't want to lock it down so much that the system can no longer process the files. I also see that Windows Server 2003 & IIS 6.0 ad...more >>

Microsoft Customer this is the latest version of security update, the "July 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting Internet Explorer, Outlook and Outlook Express as well as five newly=20 discovered vulnerabilities. Install now to pr...more >>

Hi There, How can I hack the security in the office and try and access the sites which we are denied access into?? Ajitesh...more >>

*******GREETINGS************** We are writing to tell you about the problems of "Abuse" with their Message Service> I didn't mind before or when I first started recieve these messages because I didn't know what it was. I didn't know what popup message was.. but gave me message of: Your comp...more >>

Hello, This is a quick heads-up to let you know that there have been 'sightings' of a new worm which seeks to exploit the latest vulnerability in all versions of Windows. More details here : http://grc.com/default.htm http://vil.nai.com/vil/content/v_100516.htm Patch available here : ...more >>

I have install the certificate on my certificate server and enabled the ssl port. Now when i access my webpages, the browser gives me warning that the CA is not the one trusted by my browser Yes or No if I would like to go ahead. What can i do to suppress this message from coming up on ...more >>

Hi, I have two web sites (site A and Site B) on the same IIS server. Site B is set with 'Basic Authentication' mode. Site A doesnt have basic authentication enable. From site A I programmatically get the user name and password to validate the user and redirect the user to Site B. Her...more >>

Hello. I installed a local CA on my web site using the Microsoft ca server. This is a stand alone box. I then had it apply the ca certificate from the local server. I can view the certificate. The problem is if I enable require ssl then try to https: the web page i get page can't be v...more >>

Hey everyone, Thanks for all your support but, I did what some of you told me and edited my urlscn.ini and IIS still loges the rejected requests, it dosn't log like the whole string but it does still log them, Is there anyway to make it so IIS will not log any rejected requests that urlSCa...more >>

Hello I am an ASP developer working on NT 4.0 platform with IIS 4.0 server. I am trying to do security from the brower by calling the "GetTokenInformation" to get the NT authentication token to ensure that the user has logged in. My question is is this possible through scripting (javas...more >>

We have just installed Windows 2000 Server and IIS 5.0 for a new web server. I noticed in checking for security patches that there are two for IIS that are called "cumulative", Q301625 from MS01-044, and Q811114, from MS03-018. Do I need to install the earlier one first, or does the one ...more >>

Does anyone know how to programmtically ban IPs within IIS 5.0 and W2k? I have a process that parsers my IIS logs looking for malicious activity. I want to be able to programmtically add the IP address of the malicious requestor to the denied/blocked list. Thanks......more >>

I have a user that is using a program called Cinderella to generate java pages. The server that we use is IIS 6 with FPSE. This is the error message that I receive when I look at the java console: java.io.FileNotFoundException: http://www.optics.arizona.edu/jcwyant/Geometry/Optics.cdy jav...more >>

I have a bunch of IPs that are denied access to my server. For the most part it works but..... there are one or two IPs that are still able to have access to my system. I've double checked the logs and then reentered them in the denied list but they still are being allowed access. This is a win...more >>

I have asked a query to this group some time back. With the help of this group I am able to solve the problem partially. can any one help me in solving this problem. My Question & Steps taken is given below. My Question was---------------I am hosting a intranet server on a windows 2000 se...more >>