Before you post a question to a Microsoft.public.*.security newsgroup, note that your question may already be answered below: Answers to Top Frequently Asked Questions: http://securityadmin.info My question is not mentioned below. How do I get an answer immediately, with no waiting? http:...more >>

Hi, I try to pass the NTLM credentials from a page to another virtual directory on the same IIS6.0. I use a WebRequest object and pass the current CredentialCache, but it seams not to work. I'm I missing something? I look arround in the newsgroups and if I understand it correctly it is not poss...more >>

Hi, Can anyone tell me if the IIS_WPG group has more user rights/permissions/privilege/ than those describe in the Microsoft document Default Permissions and User Rights for IIS 6.0 http://support.microsoft.com/default.aspx?kbid=812614 I would like to configure an application pool identity ...more >>

Hi all, Ihave IIS running and for a project i have to configure Apache webserver ,can anyone help me in getting detailed information on how to configure Apache webserver with all the facility that iis gives. Goodday Naveen...more >>

Just want to give heads up regarding MS04-021 (Security Update for IIS 4.0) After installing the patch on NT 4(SP6a) server we notice that the websites are not responding, the service and the site started but there were not listening ports. We have spent time debugging IIS with Microsoft and h...more >>

We are running Windows 2000 Advance Server and are running our Outlook web access on this advance server. The IIS version is 5.0. The WWW services keeps stopping randomly. Sometimes you can start the services and most of the time you have to reboot the server. Is there a fix for this o...more >>

hi someone could send to my server invalid or malicious POSTs packets THEN: i go to validate "every" field i will get with "Request".Form or Cookie does it is appropriate ?=20 and... if an attacker append to the post=20 "MyField" with its value (surely a value that can break the service)...more >>

IIS 6.0 Server 2003 Standard Edition. Trying to get something to work I change the account a whole directory uses for anonymous access. I'd like to set this back to the IUSR_Servername account but can't seem to make it work. Within IIS manager I choose properties of this directory and click...more >>

We have an intranet website at work, when I first took over it, I used frontpage to publish changes to it. now, when I try to publish to it, it asks for a user and password. i'm not sure what changed that cause it to ask for user/password. we have no idea what the user/password is, the g...more >>

I used to beable to sign onto the internet quick and easy. Now it signs on but is slow and says detecting proxy settings. I have tried everything to change it but it still slow. can you help me....more >>

Hi all, I'm trying to use my standalone PC as a web server I stopped anonymous access to the site and created a user for integrated windows security to use. This is all fine... however if somebody trys to access my site from within a domain it asks them for a domain, what do you put in there? ...more >>

Hi Having huge problem vith virtual folders on my IIS 6.0 FTP. Have configure a virtual folder named test and give all permision to it (IUSR, and local user) but every time I try to log-in I get the same message. Logging into a default ftp site with the same users work fine. An error occur...more >>

How do I setup IIS 6.0 to force an SSL3/128 bit connection on a particular page, disallowing an SSL2 or less than 128 bit session?...more >>

I am hosting a site that has an old form that does not work: http://www.tsahouston.org/feedback.htm (by the way, there is noting in the application event log). After messing with it a while, I set up a very simple new form that worked perfectly: http://www.tsahouston.org/joe.htm Any i...more >>

Can someone please help me. I have purchased a certificate for verisign and installed on IIS 5. when i attempt to goto the website http://servername I receive my default web page. However when i type in https://servername. I receieve the dreaded 'The page cannot be displayed' error. I have th...more >>

hey does anybody knows about these Server Extensions(e.g. Front Page Server Extension) The only thing i know :-it's something required at the time dot net framework installation can i get some idea?? Thanks hrishikesh *** Sent via Developersdex http://www.developersdex.com *** Do...more >>

I have Windows 2000 Server (Primary domain controller) with SP4, .NET 1.1 , Exchange, SQL Server and sharepoint running on it. Now I have also simple ASP .NET page on it. I am trying to access this page over internet from different machines. When I try to connect from any XP machines I get...more >>

I have a VB Script that I call from my ASP page. One of the first things it does is: 'Launch Access Server.CreateObject("Access.Application") 'Open DB 'Preview Report This works fine on IIS 5.x, on Windows XP. But when I try this on Windows 2003 (with the latest IIS that ships with it), it...more >>

Hey Guys, I have inherited an evil app that I am trying to fix. It is a VB6 desktop app, that I am trying to port to the web using VB6/com+/ASP with a sql server 2000 db. Well, up until now, everything has been good. That is, until I tried to port the "add invoice" piece over to the web. ...more >>

I am working on a site where the SSL site name is different than the non-SSL site name (https://safe.xxx.xxx vs. http://www.xxx.xxx) . I am finding it impossible to pass any information between the pages (ASP/VBScript). Session variables are reset and cookies are addressed based upon the site n...more >>

Hello, while requesting a renewal for an existing certificate via Verisign's web interface I trapped into the feature "Old CSR". Thus I renewed the certificate with the original certificate request of our old web server (IIS 4.0) although I can only install it on the new one (running IIS 5.0 ...more >>

I've got a PERL CGI application that runs great from the command line of my web server (Server 2003). However, when it is executed from the WWW service (IIS 6.0) it fails. I think this is most definately a file security issue but can't track it down and would appreciate some direction. I'v...more >>

I have a third party application (DOORSnet) which appears to run a CGI program in the form of an executable file (cgiwin.exe). I have IIS set to allow scripts and executables on the virtual directory and I have granted anonymous user (and all authenticated users) read and execute NTFS acc...more >>

I want to use two different ports so I can use multiple SSL certs but only one IP. If I change the port to 444 doesn't that mean that everyone in the world would have to have port 444 opened on their firewall or router? If I want to use multiple IPs how do I set up a single network card to a...more >>

I have imported the certificate to the ISA properly, but when I tried to configure the certificate in ISA, I could not see my imported certificate from the certificate list. Does anyone know the problem? Thanks if you can help me. Thanks....more >>

We have an SSL protected IIS 5/W2K SP4 server using basic auth, ASP, and IE 6 SP1 clients. We're trying to force the user to re-authenticate after a 20 minute session timeout so we can re-populate the session vars. However, the user is still authenticated and does not recieve a logon prompt, ...more >>

Hello, Can anyone guide me to information about best practices for implementing authentication to an SQL server (domain member) from a Web Server (DMZ, not a domain member) using windows authentication. Thx ...more >>

I have used spybot to try to get rid of blaze find and a DSO that keeps showing up in the spybot search. my homepage keeps being changed to blaze find anyone know anything about this???...more >>

Does anyone know why I am unable to install Servicepack 1? I get the prompt to install this update and then when I attempt to install I am told that access is denied. I am having difficulty with internet explorer, it sometimes shuts down and then I am told to get the updates. I have shu...more >>

Hi, could someone please explain the risk involved in this situation: Only port 80 open on the firewall IIS running anonymous authentication a folder in the wwwroot has "Write" enabled and "Scripts & Executables" enabled. If you enable this, IIS warns you that this is insecure. I was...more >>

It is about 3 months that when running my computer and go to the e-mail inbox the following problem occurs. I receive e-mails of June 22th until juli 2th than it stops. The e-mails of juli 3th and further dom't come in my inbox. It takes more than 30 minutes and than it starts again. All th...more >>

i put a pass word in content advisor and forgot iti cannot connect to internet how can i remove password...more >>

While able to use a username/password application to login into my webserver by using the servername:port...; I'm unable use the localhost, or outside domain. Why? There has to be a security feature not allowing ASP data to flow using localhost or a domain. Like I said, using the server...more >>

I have been inspecting my IIS web logs and found some files with a non-zero (121) value in the field "sc-win32-status". What does this mean? I can only find a reference to the meaning as follows: from Microsoft: "The status of the action, in terms used by Microsoft Windows." This description is mea...more >>

Hi, Does anyone know how to run an .exe file through ASP pages with the IIS server 6.0? It works for IIS 5.0, but I'm not sure about 6.0. If anyone knows information about this, please reply to michellecorinne@hotmail.com. Thanks! Michelle...more >>

I HAVE RESET MY HOME PAGE SEVERAL TIMES, BUT WHEN I RESTART MY COMPUTER, IT GOES BACK TO ABOUT BLANK. ANY IDEAS ON HOW TO FIX THIS IS APPRECIATED. THANKS...more >>

Hi I am a newbie to IIS, and just started with WINDOWS SERVER2003/IIS 6.0 The machine set up as an application server for an Access database and Product update with Updater Application UpdaterBlock. I am looking in my W3SVC1 logfile every day, and see some attempt to attach my server. Below ...more >>

I have a new Ibuyspy portal site on my win2k3 server using IIS 6.0. I can access the site from my PC only. All other users get an error 403, including the server itself.(no sub error code). The site worked fine until I changed the IUSR account password. ...more >>

I want to solve this problem as quickly as possible without a lot of reading on the internals of IIS. I'm trying to distribute two files via a web site on Windows Server 2003 (IIS 6.0) and they won't go because they're .ini and ..dat files. I've not done anything with URLScan or IISLockd - ever...more >>

Somehow ended up with a website that keeps posting itself in my list of All Programs and keeps putting it's icon on my desktop after I delete the icon in both places. It also eventually automatically tries to connect me to that website on the net. I have looked in my Programs list and th...more >>

I'm attempting the often problematic restricting access to intranet web site users for one folder. The folder in question has the security settings so as to only allow administrators in, and in fact I've even added my own user id directly - for arguments sake named here - myDomain\myUser to ha...more >>

After recently surfing the net, the next day I logged on to my computer and when I clicked on the dial-up connection window there was a different user name (ConnInts26) and password showing. Also, when I checked the internet configuration there was a different dial-up phone number instead o...more >>

I'm new to the whole web server ballgame, and I'm having some issues with SSL. I issued myself an SSL certificate (because, at the time anyway, I can't afford a certificate from a trusted authority) and installed it on IIS. Everything was working fine for a day (note: I decided to use ports in...more >>

Hello, can anybody explain me, how data transfering is encrypted in SSL if on IIS is setted : 'Ignore client certificates' ? In other modes, I understand, that Client encrypt by public key of Server cert, and Server decrypt it by it's private key Client->Server, and in ...more >>

Ok I am setting up a webserver and putting it behind a firewall with a private address. I had the this site working when I had my external address, now that I put it internal I am guessing I need to set up NAT through the Gateway(firewall). The questionis a domain service has my top level ...more >>

I am putting one of my web server in the DMZ. I wanted to know what I had to do in order for the "Integrated Windows security" to work. Thanks. John...more >>

I'm using WIndows server 2003 with IIS 6.0. My web consists of a folder named 'Files' which I would like to restrict access only to members. The folder contains various types of files such as images (jpg, png, bmp), flash animation (swf), videos (avi, mov), and audios (wav, mp3, aif). What I'm...more >>

I'm having a problem locking down who can log into my FTP sites. I've set up a new 2003 server which is running IIS 6. This server is part of a 2003 Active Directory domain. Now, the problem is, any user in my Active Directory has full control access to any FTP site. This is really conf...more >>

I am setting up a webserver behind my firewall is there a guide for setting this up. IIS 6.0 firewall is Checkpoint. The main thing I need to know is this machine will have a private address so where do I point it too. Do I use NAT. Thank you...more >>

Hi, I installed SUS server on to a Win2003Std box and set up my clients on the network as per the documentation for the configuration of clients through Active directory. Since doing this windows update no longer works and when I try to sign in to a web site using a .net passport I am ...more >>

I am trying to set up a two websites on one IIS6 server, both using SSL. Both virtual sites have different IP address 192.168.60.100 and 192.168.60.110 but I am trying to use port 443 for both. When I create a certificate for one it works fine, but when I go to create the second one the first on...more >>

Hello everyone! I've noticed in my log files the odd entry like the one shown below: 2004-04-15 01:16:51 168.XXX.XXX.XXX guest W3SVC340215 213.188.129.110 80 GET / - 401 5 1292 474 31 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0) - - (I've obscured the IP address with XXX...more >>