Somebody gained access to one of my admins accounts on our website early this morning, and was using it to post a bunch of profanity and slander. In the heat of the moment i quickly opened the properties to the web and changed the default directory to a different directory (one where the only...more >>

Hi, We have a small web site which comprises of a login screen, then some member screens. I need the member screens to be secure, but the initial screen to be unsecure. Is the norm to use a single web server serving both secure and unsecure pages, or should I use one server which is secu...more >>

Hi all! Here is my situation in a nutshell: I have three computers. Server, Source and Destination. All Source and Destination each has a shared folder, say "\shared". I personally have permissions into both of them, but they are not accessible to everyone. I have a batch file on Server, t...more >>

Hello, I do have a problem using a Server.CreateObject command within an ASP page. The code: Set adoCon = Server.CreateObject("ADODB.Connection") Throws an VBScript runtime error: Microsoft VBScript runtime error '800a01ad' ActiveX component can't create object The System is running W...more >>

I recently renewed the certificate on my Front-End Exchange Default Web Site. The old certificate is going to be active for another week. Will the new certificate automatically take effect when the current certificate expires or do I need to do something special that I'm not aware of? Thanks...more >>

How do I create trusted security between my web server and my sql server? I don't know the account and password that my web server is running under. I use IIS 5.0 and IIS 5.1....more >>

Hi - I'm using IIS and ASP. I would like the ability for users that are logged in to upload a document (doc, pdf, xls, etc) and then assign another user account through my web pages so they can login and view these documents. The only problem is that when I upload these documents to my web site...more >>

Hi, If i open my web page 127.0.0.1 i always have to logon first. How can I get it to open the local page without requiring the logon. This is on an XP pro laptop. I think my security settings got changed when i installed the latest win xp upgrades from Microdoft. Thanks for the help ;) ...more >>

I have set my web site (default web site) to run under administrator account under Win2000 and I can see from my code certificates from Personal (MY) and Other People (AddressBook) stores. The problem is that when I create new user account and give it "Guest" or "Administrator" rights, I go...more >>

The Digest en Windows authentication of IIS 5 (Win2k) delivered some problems: - Mozilla did not work with the Digest Authentication method - Windows authentication is not working in combination with some networks/firewalls etc So I want to switch to to the basic authentication method. Now...more >>

I have a VBS script which contains an array of files and locations. The script loops through array trying to find each file in the location specified. If found the script moves the file to another location (typically on another server). The script is run by Task Scheduler every few minutes, ...more >>

Dear Sir, Miss, I am trying to setup proper authentication on a IIS 5.0 (Win2K server) website that works fine with Mozilla 1.7x and IE6. 1) I tried "Windows authentication" mode in IIS. It works with both browsers but not always. It depends on the kind of network, firewall, proxy etc. ...more >>

Hello, I am learning to code ASP.NET 1.1 using Visual Studio 2003 and have recently installed IIS 5.1 for this purpose. I am running Win XP Pro SP2 with the most current updates and using the Windows firewall. I am concerned that my system may not be secure from outside access through II...more >>

Hi I am ruuning SSL on Windows server 2003 for Exchange 2003 OWA. I am using my windows server 2003 as an internal CA for the certificate. My problem is that when accessing OWA it takes about 10-15 seconds or more sometimes for the ssl cert dialog box to pop up. Anyone know why it takes so ...more >>

Hello All: For the past several days, our virus software has found and deleted a backdoor trojan which was destined for our webserver. This came from the outside, not in since no other clients on the network show any signs of infections. My question is this. How are these files being sent t...more >>

Hello All: For the past several days, our virus software has found and deleted a backdoor trojan which was destined for our webserver. This came from the outside, not in since no other clients on the network show any signs of infections. My question is this. How are these files being sent t...more >>

I'm having trouble getting https working on my IIS 6 server. I installed a certificate with no trouble. In the IIS Manager I brought up the Properties for the virtual site that I want to enable SSL for, went to the Web Site tab, put in 443 as the SSL port. Netstat -a shows something is list...more >>

I am currently using Community Starter Kit (CSK) which seems to like to install as a virtual directory in the web site that points to "C:\Program Files\ASP.NET Starter Kits\ASP.NET Community Starter Kit (VBSDK)\CommunityStarterKit" Is there a security problem if I simply point my home direc...more >>

Helo, anybody know how you can secure file; so give permissons for some users any take everyone to off? Example: I have server extension folders and in many cases in more debth. (d:\wwwroot\inetpub\test\abcd\file\) ... test and abcd are server extensions web(make with IIS manager), folder...more >>

Hi I've a Special character problem with OWA, This problem I can't see mail. How can I solve problem. Thanks. ...more >>

Hi, Now that SHA-1 is cracked I am wondering how is MS dealing with this? I am wondering how do I create a new SSL certificate with SHA-256 or 512. Cant seem to create one for IIS. G. ...more >>

I have read that IIS by default does not allow a web application to run executables. And I read that the way to change that is to use IIS Manager to give Read/Execute permissions. I have done that at the directory and individual file level for the files I am trying to execute. I have also...more >>

Hi, I am currently encountering the following problem. I have a development server installed with the following: Windows 2003 Server (Enterprise) AD installed (Server is PDC) SQLServer 2000 installed Microsoft .NET installed I have a ASP.NET application which requires clients to select...more >>

Hi; I have this bizarre problem: whenver I turn off my computer and turn it back on and use the internet I can only access secure sites (https) sites. I cannot access anything else. I have tried everything to do with the settings and firewall to no avail. No one seems to have heard of this pro...more >>

Hi, I'm using a windows 2003 and IIS 6.0, I've installed PHP on the server, but I'm not sure that it's secure. As this is a shared hosting server, I'm afraid of hack attacks using PHP. Is there any way to secure IIS agains PHP scripts? Thanks Iman ...more >>

Applications in my company use IIS as the webserver for running all enterprise applications. We are opening to the Internet so everyone can acess systems inside or outside the company. We already have internet access with fixed ips. Should I install a secondary IIS server to attend outsider...more >>

I have an intranet virtual web as well as a default web. Each time I and other web authors use Frontpage to access the virtual web, it prompts me for login and password. How do I set the virtual web so that it doesn't prompt. It's already set for Windows Authentication and anonymous login o...more >>

Hi, We are using SharePoint and have Windows Integrated Authentication turned on in IIS. When a user connects to the web site, they may be prompted by IE for their password. We've found that if they press cancel, then it displays error 401. I know that we can customize error 401, but is...more >>

We have 3 seperate machines. All win2k3. One is the dc with ad, one with an issserver and one with a sqlserver 2000. The isserver is configured with "Integrated security". We want only domain users to get on the local website and to have their credentials impersonated to the sqlserver that also ...more >>

We have an IIS 6 server and Integrated Windows authentication is not working. I believe this is because Windows Server 2003 uses Kerberos v5. Integrated Windows Authentication to IIS5 on Windows 2000 Server works fine from clients behind a firewall. Is there any way to force Windows Server 200...more >>

A healthcare company plans to secure calls to webservices using a combination of SSL, XML firewall(between iis aspx server and web services server) and using basic authentication. We plan to migrate our ldap users from our integrated security into the basic authenticatino on the local iis web ...more >>

Hello all... I have Windows XP Pro installed along with IIS 5.1 that came with the XP Pro CD. I can access the default webpages that came with IIS 5.1 just fine at the following address after IIS installation: http://localhost/localstart.asp But when I try to do it with my domain name, ...more >>

Why am i being asked for authentication? Anonymous & Integrated are checked, Everyone has read/execute. The same exact settings work for the 3 other IIS web servers I have. If I uncheck Integrated it gives me a 401.1. This is driving me nuts...(I don't need much help! ;-) ) Thanks! Tim...more >>

Hi I've set up IIS and a virtual directory to run a site where I'm following some tutorials on ASP and VBSCRIPT. However, I can't run certain scripts because it seems that I've not set the security settings, properly. I keep getting the following security error message when running the as...more >>

Dear all, The current project that I am working on is implementing OWA5.5 to be accessible on the internet. The architecture model that I am thinking of proposing to the management is to configure ISA 2000 server (sits at the internal network) to accept the HTTPS packet from PIX firewall; t...more >>

Hi I am testing for the site (IIS). And now for the test need to export client –side certification from "IE>tools>options>content>certificates>personal". When export the file, one(client certification "A") certification can export the private key. But other ones(client certificatio...more >>

i have: a) vb project, compiled as standard exe b) active server page with the same source code when i run exe file from command prompt as a domain user or administrator or local administrator, it finishes in 4 seconds same code run from asp takes 20 seconds. putting a few <%response.write...more >>

I have a number of sites configured to require username/password in IIS. One site is prompting for username/password twice, but only when accessed by some machines. Settings appear to be identical as on sites that work normally when accessed from the same machines. The same username is us...more >>

I am using IIS 5.1 on Windows XP Pro and seem to have messed up ny security settings. I've been using an ASP.Net app on my computer, and it has worked fine for over a year. Lately, I have been trying, without success, to get the other 2 computer on the LAN to access the app. I think there i...more >>

we run IIS 5.0, I would very much like to send all log files to a remote server, but IIS doesn't allow changing to logging to a remote server, so I got myself a copy of metaedit and changed it, it took the change but IIS is unable to create the log folder regardless of all proper security in p...more >>

Hi all, I recently migrated an ASP code to IIS 6.0 and now I'm experiencing problems with the connection to the ADO. This function is from a dll which is called by a VB script. the client run on server 2003 at the same location as the IIS server the ADO fails only when I connect at transacti...more >>

Hi all, I have a IIS 5.0 fully patched server. Our SSL web certificate expired today and so when I have to renew it. When I go the properties for that website and then go to directory security tab and then click on server certficate mmc hangs. What gives? I need to renew the cert by tomorrow a...more >>

Currently using Win2K server SP/4. Installed iis lockdown tool 2.1 and know it ask for a user name and password when connection is made to the Web server. How can I remove this logon service? Reviewed local policy to system and I can't find how to remove this service....more >>

Hi, I have 2 servers Windows 2003 Std running IIS 6 with NLB. My web sites need authentification with NTLM and there is a webservice that need to be anonymous. This same configuration is working properly on one server. The reason for my webservice to be anonymous is that's it's called by a V...more >>

I am developing 2 Microsoft Sequel Server dts packages for updating databases from our cms authoring server to the live hosting server (I'm not updating the cms database). The dts package on the authoring server backs up one database and creates 2 text files (which I use to update another d...more >>

I'm trying to set up SSL on my web site (http://www.stopped-motion.com) and I can't seem to get it to work. The machine is running Win2k3 with IIS6 and the site is authored in ASP.Net and C#. This is a web server with multiple domains sitting on it as virtual servers through the use of host ...more >>

New at 2003/IIS6. Only 1 app installed. Works if DefaultAppPool identity is Local System but returns Service Unavailable if identity set to Network Service. I've google'd this issue; I've downloaded and run the IIS Resource Kit(permissions verifier); I've downloaded and run filemon...nothing...more >>

There is an articles on www.microsoft.com/serviceproviders/ columns/using_ipsec.asp, explaining how to use IpSec to lock down a server. I did what is said on that document. However, it seems to me that IpSec can only filter traffic based on IP. If I do it based on port, it does not work... I am...more >>

My code to read a POST (i.e GET) information seems to work fine... but when I change the URL read a POST, to one in my Windows 2003 IIS 6.0 Framework 1.1 & ASP.NET machine, it fails with "The remote server returned an error: (403) Forbidden." at the below point WebResponse response = reques...more >>

Is is best to install IIS 6.0 on windows 2003 on the d drive for security. If so, can someone please point me to a site where I can get the syntax for the components section. I am having a hard time finding the code to add to an answer file. If somone has a answer file already they can post...more >>