i need books/tutorial for instlling/configure SSL on IIS. any links? thanks. ...more >>

Can anyone tell me if it is possible to require client authentication on IIS but disable the Trust Lists so that any certificate can be used? i.e. can I get the browser to prompt for all certificates irrespective of their trust anchor?...more >>

When I create a web page and try to access it from outside my lan it will ask me for a user name and password. Is there a way to make this stop?...more >>

I can not get rid of a message that keeps popping up on my screen when I try to go to a website. It comes up as a "Security Alert" and that the certificate for the website is expired but it is from a trusted web site. Then it asks me to press either yes or no to continue or to view the ce...more >>

Sorry about the repost. I forgot to include my email in the origional. I'm getting a strange error when I try and complete my certificate renewal. The last step in the Certificate Wizard gives the error. "Failed to Install the Certificater" "Cannot find the requested object" I ca...more >>

I'm posting this for a friend. He has a large collection of images on his server. Occasionally people will use software to download the entire collection (3 Gig) at once, sucking up his bandwidth. Is there a way with IIS to stop people from doing this? thanks!...more >>

I have set up an IIS 6 FTP site which was working correctly for anonymous access. I have tried to remove the anonymous access and require users to login with their AD usernames and passwords. Now nobody can login. I have checked the permissions on all the folders at an NTFS level, they ar...more >>

Below is the only scenario in which I have got basic authentication to work with XP, and it isn't pretty: Server: Win 2003 Standard Edition Client: Win XP Pro version 2002 sp1 - I have a virtual directory in IIS called mydirectory - Authentication is set to "Basic Authentication" - The def...more >>

Before installing Active Directory anonymous web users can access my IIS5.0 sites without any authentication If I install Active Directory and setup the machine as a domain name controller, when web users attempt to go to my websites they are presented with a net logon dialog box to gain access to ...more >>

Right now I have a database with groups and users and based upon that data, I make a decision in my asp.net pages as to whether or not to serve the user the web pages. I am now moving to Windows 2003 Server and noticed the "Permissions" addition on the right-click context menu. Will that keep...more >>

Basic Authentication x IIS 5.0 - User and password box appears once time ! We have a main page with a link to a secondary page. We'll call this secondary page as 'www-aaa' is configured with the option 'basic autentication' in 'directory security', for this way a domain's user and password is re...more >>

IIS 5.0 supports "\" as the default domain so that unqualified user names can be authenticated using all trusted domains. See http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q168/9/08.asp&NoWebContent=1. Is this functionality supported in IIS 6...more >>

Hi all I have an QTEC 2020 that I synchronize up against a Small Business Server 2003 running Exchange 2003. I have setup Active-Sync on the QTEC 2020 to "Save" password. When I sync against the Exchange server it keeps asking for password. I can then tab in the password and it synchroniz...more >>

Hi, I faced quite a challenge after setting up CA server on domain controller on freshly installed Windows 2003 Server. Anyone except domain administrators could not access .\certsrv WEB page. After tremendous time of checking possible and impossible I finally got to ASP.DLL where "doma...more >>

Hello! Our new state guidelines are mandating encrypted FTP. Does anyone know if IIS 6 does this? Thanks! Debbie...more >>

i keep getting websites added to my favorites, that i have not added is there any way of stopping that from happening, help ...more >>

Here is my setup: Web Server is in DomainAD, which I want all users to authenticate against when logging into the web site. Most users are logged into a machine using DomainNT, with a few users logged into DomainAD (we're in the early stages of an AD migration). I would like the web site to ...more >>

I am currently running Windows 2000 server as my web servers I have a security certificate from verisign which is currently installed on my primary web server I have a second web server that is identical to the primary which is used when my primary server goes off line I followed the instructions...more >>

I have an IIS box (.net 2003 iis 6) that issued it's own cert for the purposes of SSL on a website it serves. The IIS box is dual-nic'd and acts as a router/NAT for a private network. For the sake of discussion, all clients use IE 6. External clients from the internet, when visiting the webs...more >>

Please advise how to stop searchxl.com from popping up when I log onto internet. Takes several minutes for it to load and I don't want it. Don't know where it came from. Thanks....more >>

I've a Win2K machine joined to a domain. Setup the IIS to Integrated and the rest of authetication option are not set. Whenever I browse to any HTML page, authentication happens locally and not against the domain joined. Upon enabling basic authentication alone (with the domain pointing to the joine...more >>

We are running IIS5 in Windows Server 2000. Two days ago, a hacker managed to install a trojan on our server through IIS. I have run the IIS lockdown utility and besides automatic updates, I *manually* check for updates every other day, so I have the latest updates. How can I make 100% ...more >>

My Windows 2000 Server is behaving strangely. If I open the Task Manager, it immediatley closes. Same thing with RegEdit. Any ideas?...more >>

I have just installed a router and when I click on the Frontpage 2002 server extension settings ( in the properties of my default web site in the IIS services ), it now prompts me for a username and password. I have tried using a username that is part of the admin group, but it won't work. And ...more >>

It's got to be something simple but I just can't see it. I created a dirtectory and copied an existing web site over to it from another machine deleting out all the non-content files and directories; then I created a web and enabled anonymous access using IIS properties for the site on a win ...more >>

HELPP!! everytime I connect to the internet, 3-4 minutes later, I get disconnected automatically, then reconnected using some x-rated dial-up setting that is installed automatically to connect to some x-rated server. I need help urgently thanks...more >>

Hi, It's been awhile since I've gone down this road, but I just installed a clean installation of Win2K Advanced Server with IIS5. The Windows CD was an SP3, and the web server machine is configured as a standalone server (no Active Directory, no Certificate Service). I am setting an SSL w...more >>

If I give IWAM and IUSR accounts full access to a folder and database on our intranet and that same server is used as our WWW server, will the outside world have access to that folder and the database? Tim ...more >>

I have a windows2000 server with IIS5, there are several site configured and all work fine; Now i want that one site is on HTTPS protocol. I have followed all the indications that I have found on this newsgroup and on the net: request for certificate, generate a certificate, install the certifi...more >>

How do I prevent a web site from hijacking my default start page on the explorer brauser?...more >>

hi we have some folders with member logins i have defined a new user called "member" and saved the password as "reversed" (found under account options) then i have ticked in IIS security the folder "member" as: - windows authentication - cleartext - digest (all 3 boxes) it works p...more >>

I have created a web service and deployed it on IIS 6. When it uses the DefaultAppPool I can connect to it fine when I have set the web service to use windows authentication. I need to set the web service to use a different app pool though, and when I do, I get a 401.1 error 'you anre not au...more >>

Hi is it possible to set settings under "Directory Security -> IP address and domain name restrictions" with vbscript I want a user to enter his internal ip-range in a hta file and then a script should set the settings for some virtual directories. I didn't find this in the iis scripts under c:\wi...more >>

IE Basic Authentication has always had some kind of quark and it seems the quarks has either gotten worst or Microsoft is now forcing some behavior change "issue" on people. In short, it is so time consuming, with little input directly from the horse's mouth, to try to understand Microsoft's v...more >>

I got this message, and I would like to know if this message is really from Microsoft, or if this is a trap. To scan for some parasites, I went to www.doxdesk.com/parasite and it did not find anything in my computer. Please advise. Can you send me a note back to my e-mial? I am not sure how...more >>

What do I have to do to enable a Web Service in IIS 6.0?...more >>

I am setting up a simple single ftp and website on my DSL- connected (static IP) W2K Workstation Pro using IIS 5. I will have all service packs and security hotfixes installed and will use Windows Update to dynamically install any new critical updates as they appear. I intend to follow th...more >>

I am having a problem on Windows 2003 Server. On 2000, I could have a multi-homed server, as long as I only had 1 SSL per IP. ie: port 443. If the certificate was assigned to https://secure.foo.com, it works fine. If I go to a multi-homed site, on the same IP, but NO SSL included, and I ...more >>

hi; i got a few websites on a server and they all seem to work ok. I have now configured a login for a certain "safe" area; and did this by adding a user in the user manager of the domain; and by changing the permissions to CLEAR TEXT (and desactivating anonymous access) This all works ...more >>

I have setup 1 web server using 2003 and installed a SSL certificate, all appears okay. The ssl certificate is only for the /internal area which is on our internal server. Users are able to login but are continously prompted by the system to allow non-secure items, I understand is it possible to ...more >>

I've asked in another post a more detailed question about IIS6 communicating with SQLServer 2000 when the two are on different servers, but it occurred to me that I may have a very basic misunderstanding about Windows Integrated Security in an internet scenario. When we allow anonymous ac...more >>

I've asked over on sqlserver.security and am hoping for some additional guidance here, because we're not out of the woods. We're using Win2003 server and ActiveDirectory. We want to run SQL2000 on Server1 and IIS6 on Server2. The IIS on Server2 is for Internet access. Server1 also has an IIS...more >>

I have inadvertantly downloaded an annoying programme which keeps trying to connect with pop-up ads whether I am online or not-it is becoming extremely bad as it is interupting alot of work im doing and games that I play. I have no idea how to find this thing and it doesnt seem to show up ...more >>

I've got a problem with local IIS. After first try to connect http://localhost/ IIS stops. In the event logs I see many messages like ************************** A condition has occurred that indicates this COM+ application is in an unstable state or is not functioning correctly. Assertion Fai...more >>

We are running SQL Server 2000 and IIS 6 on separate machines. We are building an intranet application and want to use integrated Windows authentication in order to identify the users and validate them in SQL Server because their security role determines what they can do in the application. We hav...more >>

My administrator installed a certificate for SSL on the default site, but now there we have a second site using port 81. I can't access it using https. Can SSL only use the default site?...more >>

I tried to send an email to a recipient that was rejected by my server as invalid. Fine, but now the error message pops up allthe time and I cannot get rid of it. Any suggestions? Thank you....more >>

I have gone to the internet options and deleted all the cookies and temporary files that i have. I have gone to the control panel to the internet options menu and tried changing the security settings in the advanced icon. And i even tried to download the internet explorer again to replace this one t...more >>

For the first time ever I've encountered something on the internet that really disturbs me. I was jumping around on the net and when I finished I logged off , as usual, and shut down. The next day when I tried to log on again ----- instead of my usual browser(G...more >>

Hi I just installed CA to issue a certificate for my company local mail ser= ver. Now, when I aceess OWA web site, I get a warning that a certificate isn't signet by agency (because I generated the certi= ficate). When I click Yes, I get second warning saying: ''THIS PAGE CONTAINS BOTH SECURE...more >>