URLSCAN & FrontPage2003 on WIN2000 Server
Posted by David Martin at 2/21/2004 9:04:37 PM
I have URLSCAN set up as per KB article 307608.
What the article does not mention is that some FrontPage functionality will
be lost - for example:
[02-21-2004 - 19:01:17] Client at 192.168.0.4: URL contains extension
'.exe', which is disallowed. Request will be rejected. Site Instance='1',
R... more >>
/sumthin ?
Posted by David Martin at 2/21/2004 7:21:46 PM
Once every few days my IIS logs show someone (all different IPs) looking
for /sumthin.
Has anyone a clue what he is looking for - I would suppose that he does not
know the type of server - I am sure that he is up to no good.
David
... more >>
Reset homepage by a PORN search engine
Posted by james at 2/20/2004 10:05:57 PM
My homepage was reset by a porn search engine,
allneedsearch.com. EVERY time I start my computer, this
is my internet explorer homepage, no matter what I do.
PLEASE, someone help me! This is driving me absolutely
crazy! I'm running windows XP if this makes a difference.... more >>
Securing executables on the Web
Posted by Amanda at 2/20/2004 1:29:56 PM
I maintain a web site in which users must log in to
receive the information provided. There are literally
hundreds of downloads available on the site and I need to
secure them. Users cannot get to the Web page that these
executables are displayed on without logging in; however,
if a ... more >>
IIS 5.0 and the lockdown tool
Posted by joe gast at 2/20/2004 11:37:20 AM
I have recently run the IIS lock down tool. Now some of
the pages on my site can not be displayed. Is there any
way to reverse what the lockdown tool does?
... more >>
Accessing WSDL from LocalSystem account
Posted by David Ehrlich at 2/20/2004 10:25:24 AM
I have a machine running Windows 2003 Server and the latest SharePoint
Server software. I've written a C# WebService that runs on this machine and
exposes some additional functionality I need to automate work with
SharePoint from a remote machine.
The Web Service is accessible and works corre... more >>
Homepage Hijacking
Posted by Timothy Maurer at 2/20/2004 5:50:18 AM
My Homepage has been hijacked. Every time I get on the
internet my homepage reverts to an unwanted site. I've
gone through all the proper techniques using internet
options, but when I turn the computer on, there it is.
I've also used Adaware and other spyware programs to no
avail. Can some... more >>
Rewrite http header
Posted by Markus Nagel at 2/20/2004 12:51:05 AM
Hello all
I have a SAP ITS running on top of IIS 5 - for an external authentication option with ITS I need to rewrite the http header. What should happen is:
1. Request (from external servlet) requests ITS URL on II
2. IIS function (whatever - that's the bit I need to write) steps in, evaluates ... more >>
Can IIS force the client to change authentication credential?
Posted by Viba Fima at 2/20/2004 12:07:45 AM
Hi all,
As we all know, the HTTP protocol does not define a mechanism for the server
to ask the client side to clear the credential previously established
through Basic Authentication. An internal convoluted workaround that we have
been using is to have the server redirect the browser to web pa... more >>
ASP=Events 529 & 681
Posted by SomewhatAnonymous at 2/19/2004 8:08:56 PM
I posted this to the .iis.activeserverpages group but received no responses
yet, so I'm posting it here too... time is becoming critical on my obtaining
a solution. :(
======
I've been trying to solve this one for weeks! IIS5, W2KP, very latest
updates, no virus trojans etc, no attacks. Everyt... more >>
Integrated Authentication Timeout
Posted by mark.miller NO[at]SPAM gmx.org at 2/19/2004 2:36:55 PM
I can't find a decent White Paper on Integrated Authentication.
So I can't figure out the following questions:
If I use an IIS site after logging in with Integrated Authentication
(let's say Kerberos flavor), how long can I be inactive before I have
to re-authenticate?
Where can I set this pa... more >>
Microsoft JET Database Engine error '80004005'
Posted by Alex Vidal at 2/19/2004 2:01:50 PM
Hi, I have windows 2000 server with IIS and I program ASP.
I use the string: "Provider=Microsoft.Jet.OLEDB.4.0; Data
Source=basedatos.mdb;" to data base Access and it always works ok.
But I installed the Panda BusinesSecure Antivirus and since then I have had
a lot of problems.
First, win... more >>
My IE has changed without my consent
Posted by Richy at 2/19/2004 1:12:36 PM
Hello! Every time I open up my browser my homepage displays
a site which I've not specified. I've tried changing the
setting by going to Tools, Internet Options, General and
changing the home page but the problem still
persists.....ANY ADVICE, I'M DESPERATE!... more >>
Restore Metabase
Posted by CQL User at 2/19/2004 12:26:38 PM
Windows 2000 Server SP4
FP 2002 extensions
I had to rebuild my system, I've restored my metabase, and now, when I try
to access my site, it prompts me for NT authentication.
I've Changed the anonymous user account to Admin, and it goes away, reset
the user account to the IUSR account, and b... more >>
After document opens, ask for permissions
Posted by Jeremy Alsman at 2/19/2004 11:46:36 AM
I am running a win2k server with IIS 5.0. I have a folder
that has pdfs, xls, and .docs in it. My problem: When
people click on the links of the .doc files it opens, but
once they close it brings up a user name, password, and
domain window.
Only anonymous authentication is setup on th... more >>
IIS SSL and Client Certificates
Posted by Brian at 2/19/2004 8:11:32 AM
We are trying to migrate our Certificate Services from a
third party to in house. I have created the following
hierarchy:
RootCA
|
SubCA
|
Website with issued
certificate from SubCA
Now I think everything is setup correctly, I have the Root
Certificate installed on the serve... more >>
NT/IIS web account error message: "The user's account has expired." (Changing ?)
Posted by LaunchDano NO[at]SPAM yahoo.com at 2/19/2004 7:31:54 AM
I'm using NT with web users logging in using Basic Authentication.
The login button accesses a "secure" ASP page, which displays IIS
security prompt.
Upon successful login, the ASP page redirects to the proper page based
on login.
If however, the account is expired - the basic message appea... more >>
IIS Admin by a non-admin user
Posted by Walter Neill at 2/19/2004 5:51:07 AM
Hello All
I need to setup a domain user account to have rights to access IIS Manager on a domain member server. The domain user account also needs rights to access from Front Page. I am not strong with IIS services and the only way I am aware of is through a GPO on the users OU. Is there anothe... more >>
user name and password
Posted by aime at 2/19/2004 4:53:16 AM
I got a computer from a friend of mine that used to have a
user name, a password and domain. Now that I took it home I
cannot use it because it is asking me for a password. What
can I do to break that old system?
Thanks a lot
Aime ... more >>
Cannot open Internet Services Manager
Posted by Ben Bradley at 2/19/2004 4:48:00 AM
I'm having trouble opening Internet Services Manager on a
Windows 2000 laptop.
When I click on Internet Services Manager I get the
following error:
Error Connecting to <machinename>:
Access Denied
Do you wish to continue to attempt to connect to it in the
future?
I also get the same erro... more >>
Transferring Certificate from IIS 6.0 to IIS 5.0
Posted by Nick Long at 2/19/2004 2:41:06 AM
Are there any potential pitfalls in transferring a certificate from a server running Windows 2003/IIS 6.0 to a server running Windows 2000/IIS 5.0
I assume you can handle this in the same way as if you were transferring between servers ... the only slight question I have is that IIS6.0 to IIS 5.0 ... more >>
SSL slowdown my Web site.
Posted by stoitchko at 2/19/2004 1:44:07 AM
I had to enable SSL on our Web server. I imported a
certificate issued by CA service running on one of our
local machine and after this loading the logon page takes
much longer than before. Some suggestions?
thx... more >>
how to debug ASP without admin rights in Win 2003?
Posted by bodo at 2/19/2004 12:51:48 AM
Hi,
we use Visual Studio.Net, SQL Server and Windows 2003
Server.
It has always been no problem to debug ASP applications
through IIS under Windows 2000, but now only works if we
give our developers admin rights on the server.
Can someone help?
Many thanks in advance.
Bodo... more >>
The url https://username:password@url stops working
Posted by Viba Fima at 2/18/2004 11:05:12 PM
Hi all,
We have an internal web application where we pass the username and password
in the URL using the https://username:password@url notation. It used to work
before but after we did an IE upgrade, we got an "Invalid syntax error/ The
page cannot be displayed" in IE. Does anybody know if IE ha... more >>
What password is the Printers virtual directory asking for.
Posted by anonymous NO[at]SPAM discussions.microsoft.com at 2/18/2004 7:09:19 PM
I installed the IIS for Windows XP and the printer
virtual directory that comes with it. The site itself no
longer asks for a password, due to it now being anonymous
login. But when I click Pause, Resume, or Cancel All
Documents it brings up a login dialog. What login is it
asking for?
... more >>
Client authentication
Posted by confused at 2/18/2004 4:08:31 PM
Can anyone fill me in on a client authentication pop up
that I get when I try to access a site to make some
online payments?
The pop up seems like a warning of some sort that
says "The web site you want to view requests
identification. Select the certificate to use when
connecting" but... more >>
Pornography popups
Posted by Heidi at 2/18/2004 2:35:47 PM
I am unable to remove a popup porno site. It states that
it is in my computer and has to be removed from the
control, but I can't even find it and the security is up
in everything on this computer and it still won't block
it. I would love some help. thanks... more >>
Mail relay risks with 127.0.0.1 in SMTP server
Posted by Aaron at 2/18/2004 12:06:09 PM
I have been thinking about using a similar approach as the one discussed in the Simple ASP.Net Email example:
http://www.dotnetjunkies.com/Tutorial/7D8C8892-397A-400B-AD22-188B8F4F53C9.dcik
But I am worried about the whole mail relay issue. Do I open up a hole on my server to allow others to use... more >>
Frontpage Server Extensions and Security
Posted by Charles Otstot at 2/18/2004 7:53:42 AM
I recall seeing an article some time back in the IIS (4 or 5) security
guidelines that MS best practices recommended not installing FPSE on a
production server. I have searched for the article (I know I should have
saved it) to no avail.
Does anybody else recall the article and (hopefully) have ... more >>
Website login using SSL, but non-SSL for everything else
Posted by ph8794 NO[at]SPAM yahoo.com at 2/18/2004 7:49:56 AM
Hello,
I am trying to set up a website with the following requirements:
1. User can browse through the non-secure pages of the website using
ordinary HTTP.
2. User can access the secure pages by first supplying a username and
password through a web form via SSL. This web-form goes through
... more >>
DNS alias versus IP address
Posted by olivier.lammens NO[at]SPAM belgacom.be at 2/18/2004 4:35:12 AM
I'm encountering strange behaviour on installed web package
(outlooksoft) for IIS 5.
When entering the address for the application in the browser the
attempt succeeds when using the ip-address and fails when using the
DNS alias.
ex: http://45.216.48.249/osoft/ is successful,
http://ap0210.bgc.... more >>
Does a website need to be live to setup SSL?
Posted by The Pistoleer at 2/17/2004 7:07:33 PM
My production website is currently running on an outside hosting service
(non-windows). I have setup my own IIS6 server and am nearly ready to
switch my production website to it (it has been tested using the IP number
for access).
The site uses SSL (https) for taking orders. Can I setup my s... more >>
How to: allow a custom user access to Index Server
Posted by Matthias Marx at 2/17/2004 5:47:50 PM
Hello
does anyone have an idea how I can give an arbitrary user access to the INDEX
SERVER?
From a web application running with a user that is not the IUSER,
data is to be read from the Index Server.
But I still have to give the new USER "myAPSuser" a right so that ... more >>
IIS Permissions and NTFS
Posted by Shirley Meeks at 2/17/2004 4:56:09 PM
Scenario:
Domain Controller - JUPITER
Domain Name - MICH
FTP Server - MARS
Each client has their own username. For this example will
use client "abcd"
FTP Site Home Directory points to c:\ftp\clients
Virtual Directory points to \\JUPITER\CLIENTS\abcd
and "Connect As" is MICH\abcd with ... more >>
HTTPS post to isapi extension
Posted by Dan at 2/17/2004 4:12:38 PM
I am trying to submit an HTTPS form to an isapi extension
in IIS 5. But when I do I keep getting an NT domain login
box. The ssl cert is installed properly. The isapi
extension is in a sub-directory of the site root. The
website has read and write permissions with Execute
Permissions set to... more >>
enable isapi handler IIS6
Posted by laurent at 2/17/2004 2:43:45 PM
Hi everyone
I install SUS on windows 2003 server with IIS6. After the
installation another website that was on the server
doesn't work anymore. I know that I have to re-enable
ISAPI Handler for FrontPage Server Extensions and
Windows SharePoint Services
Following the microsoft articl... more >>
exe downloads
Posted by Chrism at 2/17/2004 1:22:53 PM
OK-- Here is the scoop---
I have some EXE's that clients download from my website
that is hosted on IIS 6.0. I have mime types set wide
open right now (.* Text/html) When I download the file it
works only once. then after this it gives a 304 response
I have changed the mime type to applicat... more >>
W2k (Server) & Unix Kerberos - AUthentication
Posted by Christopher Pragash at 2/17/2004 11:36:11 AM
Hello everybody,
Is there a way to authenticate against both W2K server and UNIX on a web
server? Assuming that I create a two way trust relationship between my W2K
server and Unix (using the steps mentioned in
http://www.microsoft.com/WINDOWS2000/techinfo/planning/security/kerbsteps.asp )
do... more >>
spyware
Posted by r at 2/17/2004 7:35:08 AM
some form of spyware keeps sending adult ads with an ad
for evidence eliminator on it how do i get rid of it?... more >>
some form of spyware keeps sending adult material ads.
Posted by anonymous NO[at]SPAM discussions.microsoft.com at 2/17/2004 7:32:28 AM
is there any way to get rid of this?... more >>
IIS impersonation problems
Posted by Paul Hillyer at 2/17/2004 6:31:07 AM
I have a basic ASP.Net Application which displays the contents of a given file structure via a web page using system.io. In Web.config impersonation is set to true and authentication to windows. On IIS anonymous access is denied to the application and any virtual directories my application may be ... more >>
Authentication problems with Office docs (IIS)
Posted by Fabrice Labrousse at 2/16/2004 11:42:29 AM
Hello,
I created a virtual web site on a NT server with IIS4
The virtual site points to directories with documents like Word, Excel, PDF,
Text...
From the browser (on a client PC), I access the documents like this
http://server/virtualsite/document.doc
Normally, it should display docume... more >>
Creating a self trusted certificate
Posted by Jim Bongiorno at 2/16/2004 10:34:38 AM
Does anyone know how to create a self trusted certificate?
I have heard about Microsoft Certificate Server, does it
still exist? If it does, how does one go about getting a
copy of it?... more >>
verisign vs. microsoft certificate services
Posted by jt at 2/16/2004 9:14:35 AM
I'm trying to implement https/ssl on my company's website
and was wondering if anyone out there has some experience
using the Microsoft Certificate Service for issuing
certificates. I'm looking for some pros and cons to going
this route rather than using Verisign as my certificate
authority... more >>
Logon Page
Posted by Larry at 2/15/2004 7:18:50 PM
Hello,
Is it possible to use a simple form that asks for a
username and password and then pass that to Integrated
windows authentication?
I would like users to be able to go to a site that uses
Integrated---OR---Basic authentication and have them use
a simple form to enter their credent... more >>
IIS Snap-in and Lockdown tool
Posted by Charles at 2/15/2004 6:34:27 PM
Okay. I ran the lockdown tool on my system and it really messed with the
permissions. So, I went ahead and re-ran the lockdown tool to uninstall it.
Now, for some reason, I can not load the IIS snap-in from the server, nor
can I connect to the IIS service from another workstation.
What options... more >>
I can't access 1 of my hard drives
Posted by jason at 2/15/2004 5:59:33 PM
My system keeps telling me I can't access some of my
hardware like my hard drives. I can only see 1 of them, I
have 2. Also I am the only user and I set it for full access,
it keeps changing me. How do I keep it on full access? ... more >>
Internet
Posted by birddog at 2/15/2004 3:32:28 PM
Some web pictures blocked, how to view. ... more >>
emails
Posted by KewlKyo at 2/15/2004 5:10:22 AM
Hey, over the past few weeks I have been getting emails
saying they're from Microsoft but they're not because
Microsoft doesn't email IE Patches and when I view the
message source it just says it's from
security@microsoft.com and I know that it isn't, what can
I do to stop it.
-KewlKyo... more >>