Hi, When someone from the web visits an IIS website they are given guest account acccess I would assume? What account is this name under in a w2k3 web server? How can I give a guest user more rights in IIS? Thanks, JJ...more >>

Hello all, I have 2 web servers in a NLB team (IIS6 on Win2K3) and now I need to apply an SSL certificate to both of them. Once I have the certificate, I know that I can use the wizard to install it on the server that generated the CSR, but what about the other server? Can I use the wizard ...more >>

Hi All, I have the following going on: A win 2k3 server running sql server and reporting services. I have IIS configured on it and can run reports internally on my network but when I try to access a report from the web I get nothing back. I can access my web projects but cant access and ...more >>

Having problems setting up a virtual directory on IIS6 server and accessing remote files/folders on Netware Server (via UNC share). For background, this Win2K3 server is a standalone IIS server in a Netware network... And I've done this successfully in the past with no apparent issues with Win...more >>

Hi, Every time I run an asp app I get the following... error '8007052e' /formcompare/FCResults.asp, line 99 The developer tells me that there is no password in the dbase and blames IIS....! Please help! ...more >>

We have an ASP.NET website set up on IIS 6.0/Win2003 server with Integrated Windows Authentication. The users accessing the site obviously have an account in our domain that we want them to log in under, but some are already logged in to their own local network domain. Unfortunately, when th...more >>

Hi I set up private CA(certificate authority) and trying to test SSL(server-side and client-side also) now. ----------------------------- <Problem> Now server-side certification worked already, but client-side certification can not work well. Normally when access client-side certification ...more >>

Hello, I have a server 2003 domain controller and 2 server 2003 web edition webservers. I would like to use a domain iusr and a domain iwam account which are on the domain controller. I can't figure out how to create these domain accounts, the iwam account on the webserver is member of th...more >>

I know u can lock down access to your websites thru IIS with accounts, = but can u restrict access to certain host names only ? Example - I am sharing my printer over internet so I can print when = roaming with my laptop. Currently I log in with ac name & pswd, but = wondered if I could limit ...more >>

I have a website containing two pages, index.htm (which contains just one line of text) and reviewform.htm (which is a form created in Frontpage to save info to a db). These pages are being hosted on my WinXP IIS 5.1 Web server. Index.htm is accessible by the IUSR_computername but reviewform...more >>

We have a machine running Windows 2003 Server, IIS 6, and Windows SharePoint Services. The machine resides in our DMZ (outside the firewall), and is on a separate domain that has a one-way trust relationship with our intranet domain (separate forest; the extranet domain trusts accounts from our ...more >>

Hi. I'm running Win XP Pro Sp2. After running the iis lockdown tool, my administrator account got changed so that this account is a member of the Web Anonymous Users. After rebooting, when I try logging in, I'm immediately logged out. Removing the Web Anonymous Users fixes things. Can someone...more >>

Howdy, One of our machines that was running a secure website went dead. So we ended up building a new machine with the same name. I am wondering if there is a way to get the old certificate to work on this new system. I do have the old certificate request file (.cer) as well as the respons...more >>

We are running applications via distributed assemblies on our intranet site. This requires a stub executable to load the assembly. After running the IIS Lockdown tool 2.1 on IIS 5.0, Win2k server (SP4 with all the latest updates and patches from MS) the executables will no longer run. We get a...more >>

I just did a pen test and I found out that my owa server has a flaw. The flaw is with IIS 5.0 I am being to to delete the following files aexp*.htr. My question is this. By deleting these files will I affect my OWA server? Thank You...more >>

I am wondering whether it is a good idea and necessary setup URLScan & iiscantool on my new Win2003+EXch2003 OWA box ? Also, I was told that I could run the URLScan on the ISA 2004 box and that should protect my FE 2003 servers. Please confirm which version of URLScan and iiscantool I should...more >>

Hi, Client Authentication Process during SSL Handshake involved the use of a digital signature (see http://support.microsoft.com/default.aspx?scid=kb;EN-US;q257586) Is there a way to get and store the digital signature somewhere ? I would like to log the Client Authentication in order to pr...more >>

Hi, does anybody know a ressource where the iis6 authentication process is displayed ? i have a web application that runs with "Local Service" identity in the default app. pool. when i switch to "Network Service" identity the application did not work. I want to understand why and where ...more >>

Is it ok to setup IIS6 on the same box that have Exchange what impact that will have on security I already have a wtchguard Firwall. Thank You ...more >>

Is it possible to customize the screen users see when prompted to enter a un/pw when trying to enter a restricted web directory? We want it to say more than 'connecting to www.mydomain.com'...more >>

Hello, We have a number of intranet sites running on a Win2k IIS5 machine, and we use Integrated authentication to identify users. When logging into one of these sites from a Win2k client, users are presented with a username, password and domain box. They enter their username and password a...more >>

Hi at all! I've a little problem. I've a web site with storage on a shared folder on a NAS. The folder is shared to user's domain (Domain\IUSR_WEB). The web site is configured to connect to the folder with (Domain\IURS_WEB). The user is used for anonymous access too. all work propertly, but i ...more >>

When using NTLM or Kerberos is there a way to disable the save password button that isn't client side, maybe by editing the IIS metabase or something to that effect? We have a secure app with SSL that we provide access to externally, I don't want users using a Kiosk computer or something and ...more >>

I issued Certificate using WebServer Certificate Template. I installed it at Directory Security, Secure Communications, Server Certificate... and secure site is functional. However after restarting Windows my certificate always got replaced by another certificate. Site also works but it prompt...more >>

Last night I was playing with a webpage in ASPX to modify a guestbook.xml file. I had a few problems with gaining the right security access on the file. In the end I had to give modify/write privileges to Users. That struck me as odd as the IUSR_machinename and the ASPNET user changes did ...more >>

Hi, NTLM authentication just will not work at all on my server 2003 box. Basic works fine. I've even tried giving everyone full control on the files. Nothing. Even with a flat HTML site it still won't work. The server is on a domain. No other machines on the domain appear to be exhibit...more >>

Hi, I am trying to automate the installation of URLSCAN and am using the following command: SETUP.EXE /Q Unfortunately I still get a dialog box saying that the installation was successful and I have to click on OK. Any way to make the install completely silent ? Thanks ! Tim ...more >>

I am in the process of installing urlscan 2.5 on a IIS4 (NT4 SP6a) Server running Frontpage98. As per the installation notes, i am unable to move the urlscan below the fpexedll.dll within the ISAPI filter dialogue. The fpexedll.dll has a "low" priority and urlscan has a "high" priority. I cann...more >>

Can Somone mimick another one's Yahoo ID ? Someone posted in a newsgroup Using My Own Yahoo ID in a Yahoo group that I'm a co-moderator of. They made the post to look like I were syaing that my password was found by someone!! My password is a good one (combination of letters and n...more >>

Should dev and test environment in completely different network? thanks ...more >>

what difference between Integrated Windows Authentication in IIS configuration and Active Directory authentication? thanks ...more >>

Hi So here's my situation. I've got IIS v5.0.2195 running on the same box as my SQL Server which hosts ASP and ASP.NET applications For authentication, i have 'allow anonymous' unchecked and 'Integrated Windows Authentication' checked. I'm also placing users into a domain group which subseq...more >>

I have a questions regarding SSL and joining to the domain. We have a webserver (W2K3 Standard) that is using SSL for secure communications. Right now, that server is in its own workgroup (not domain) and we would like to have it a member server with our W2K3 Standard. Will there be any pro...more >>

Hi, I have a windows 2000 server with IIS installed in a windows 2003 domain. I need to change the IUSR anonimous account from local to domain account. I create the user, used the adsutil set ... I set the User right on the local security policy, but when I access the site I have an Internal se...more >>

Hi all, Question. We are building a new intranet for the company. Management wants people to be required to login when they hit the website from either internal or at home (intranet.company.com etc..) For security reasons, the IIS box is a standalone system in the DMZ with no reference...more >>

I would like to create an intanet that everybody can access with userid and password and specific ip ranges should be able to acess without entering userid and password. How can I configure IIS6 to do that? thanks for help ...more >>

Hi, I've just installed IISlockdown 2.1 on and IIS 5.0 web server running on top of W2K + SP4. I had a couple of ASP pages from where I send e-mail (both internal and to the Internet). Since I installed IISLockdown I started getting a "permission denied" error message whenever an e-m...more >>

Hello, I posted this in the .NET group, but no one seemed to have an answer. I wrote a web app that prompts for the user name and password, then redirects the user to the correct page depending on the group they belong to. The problem arrises when the user is redirected to the new asp page. ...more >>

I am preparing to migrtate my Server 2003 Enterprise Edition to new = hardware and will likely reinstall. I am currently running IIS 6.0 and = SQL Server on my Domain Controller, which is not recommended according = to the MBSA. However, I am not currently fowarding ANY ports from my = router ...more >>

i hope i can find some help here. i habe to set up an SSL connection for my SBS2000 using OWA but also securing some maintainance-directories on my website. so the thing to do is set up an SSL-connection, there is no need of an third-party-official approved certificate. to use the SSL i do ...more >>

Hello all, We are running IIS6 on windows 2k3. Our network guy has set up certificate server, and is trying to set up SSL on the OWA website (at first, but we will need to do so on other websites as well). In the properties of the web, however, if we go to Directory Security all of the ...more >>

IIS is not installed by default in Windows 2000 Professional. It is apparently a required service to access certain web pages I have SP4 installed, and like most people did not install it from a CD. When I attempt to use the original Windows installation CD to Add/Remove Windows Components, ...more >>

I have a Windows Server 2003 Standard Edition on which I have two web sites. The default web site and a second web (we'll call it testsite) using a host header value. Both of these are running on a corporate intranet. The problem is that I have removed anonymous access for testsite and am usi...more >>

Hey all, here is the question of the day! We have 2 webservers. We setup SSL encyption about 2 months ago but I was not here to test it out. The certificates seem to be installed okay. However, when you type https://localhost/test.aspx you get "Page can not be displayed". However you ta...more >>

We want to allow developers to create and manage Virtual Directories with Visual studio and Internet Services Manager so they can test their work and create subwebs. We do not want them to be administrators. Operators rights in IIS (5) do not allow this. We believe this can be done by se...more >>

Hi, I have to enable the site for SSL. I have installed the certificate and can enable the site using SSL from Directory Security etc. But users will be visiting the main page under http://www.abc.com and I want to redirect them to https://www.abc.com Where do I configure the autoredire...more >>

hi ive been having a bit of a read around the forum and whilst i see many threads that deal with this, i havent found one to make things completely clear for me yet. the web server i am dealing with runs outside of our domain, and this is fine for 99% of the things we need to run with pub...more >>

I would like to create an additional tab on the iis website properties page. I need to create an add-in to the IIS Management Utility as a new tab on the properties page. The function of this tab would be to allow the administrator to deny admitance to requesters from particular countries. C...more >>

Does anyone know what port the Microsoft Certification Authority service in Windows 2000 runs on? ...more >>

I have just installed the .NetSDK framework and enabled IIS on my local XP machine. I followed the Config Details at the bottom of the StartSamples.htm page. My problem is I am unable to display localhost. I get an http 500 error. Directory security in the IIS mgr indicates allow anonymous l...more >>