The below request for cmd.exe should not have reached IIS. Could somebody please tell me what setting in UrlScan.dll am I missing? This is what what I've found in my WEB server log file: ++++++++++++++++++++++++++++++++++++++++++++++++++++ #Software: Microsoft Internet Information Services 6...more >>

Hi all, I have locked our 2003 SP1 server down using the security configuration wizard and group policy, now for the fun to begin: ever since I have completed this process, we can no longer write to the guest books. The content is there, but when we type a few words, then click on "Submit...more >>

Setup: ASP.Net, IIS6, basic setup on Windows 2003 Server: -I have a directory in my web application that contains MS Word documents (.doc). -User opens one of the .doc in the browser it opens fine -User leaves the page (back button or close window) and there is a Windows challenge dialog! ...more >>

With Windows update and KB886903 security patch, IIS will not server Active Server pages, .NET, etc. I simply get a 'Resource not found' screen. If I remove KB886903 it works properly again. Normal HTML files are served up fine, but no ASP.NET stuff will work, period. What's with this? B...more >>

Hi! I am trying to set up webDAV folders using digest authentication. The event log shows the account authenticating correctly and everything works when trying to access a folder that is on the web server, but when trying to access a folder on another machine through a UNC name, after 3 a...more >>

IIS 5.0 ->Default Web site->mywebsite->Right click->Properties->Directory Security In this window, 'Server Certificate' button is disabled. I cannot procedd further. These are some of the things I have tried - I have the admin access to my machine I have tried to remove access for annonymo...more >>

hi, IIS is being accessed only via administrator and power user. how can user use it. if in user mode, "http://localhost" tying does not perform any activity and shows a page with only error contents. pls suggest steps so that normal users account do have the facility to do ...more >>

Hi all. I have a problem that I'm not sure I understand. I have a web site framework that is designed to support Windows Authentication, Forms Authenticatio or Mixed. When logging off from Windows Authentication, the framework redirects to a special page that allows Anonymous Access but doe...more >>

Good day, When creating a new certifcate requets via the IIS wizard, how the corresponding private key can be exported to a file? The key surely exists, since the cert viewer tells "you have a private key for this certificate" - after the certifcate is approved. (And of course the key exists, o...more >>

Hello all, I'm experiencing a very sporadic error since our company upgraded our intranet server to IIS6 (win2k3 sp1). The problem is stemming from an HttpWebRequest made in one of my .NET applications which is attempting to include the contents of a web page in an email. I have attempted s...more >>

I'm using a https web site with SSL certificate on a IIS 6 and now I'm trying to configure the access to this site with "Integrated Windows authentication". If I access the site from my notebook which is connected to the LAN it works fine after I added the site to the trusted sites in the IE of ...more >>

My asp.net app is trying to access a local share on my my server. The share and the server are on the same box. To begin with, I gave the ASPNet local user account full access to the share. Then I enabled anonymous access with integrated windows security on the web site. It works like a char...more >>

Hi all, I've got an IIS webserver where I need some users (authenticated using active directory) to have traverse rights through a directory but *not* rights to read or execute any of the files in it. I've set up a particular group with traversal rights with no read/execute, yet try as I migh...more >>

Hi All, We have a AD domain with a Win2K and a Win2K3 server. IIS runs on ythe Win2K3 server. I am about to install a Certificate Server on the Wn2K box (anr using "Windows" Certifcatesand then use it to service https requests. Has anyone of you come across/foresee problems with this se...more >>

Hello all. I use Windows 2003 Server and IIS 6.0 for Web Server. I want to remove banners of IIS. URLSCAN is Security Utility for this case, but I can't find version of this utility for IIS6.0 Please give me any idea, how I can remove IIS version baners? Thank in advance. ...more >>

On XP Pro, trying to access a web page (a simple "hello world" type of default.htm page) located in C:\inetpub\wwwroot on an XPe machine on the same LAN. XPe PC name is "SIENNA1", at 192.168.0.100. The other, "Bigguy" is at 192.168.0.101. Both are able to access the internet via IE6. Both can ...more >>

We have written a class that enumerates the items in a WSS list and then attemptes to open the attachment for each item. We have written two classes, one to impersonate a user and read in the list information and the other to be called by the first which actually opens the attachment. Our co...more >>

Hello, Platform: Windows Server 2003 IIS 6.0 I have several subsites in a single web site. Is it possible to have one subsite to use custom login utilizing the CustomAuth.dll (provided in e.g. IIS 6.0 resource kit) while preserving the integrated windows authentication in the other subsit...more >>

We currently have a custom ASP front end application for our SQL 2000 database. The ASP is running on a Windows 2000 Advanced Server with SP-4 and IIS 5. The ASP files are physically located on the IIS server. The export files must be written to a file server in the domain. Configuration:...more >>

Hi All, I have a IIS 6 server, I created a website, and this sevrver in a Domin, = i want give access to this website only the domain users who are in the = local group ( loacl group in the IIS server, not any domain local group) = how do I do that? I am trng varios options not geting what I = ...more >>

Hi all, We are trying to get SSL going on one of the websites on a 2003 server. We generated the certificate and it shows up as an option when selecting Sever Certificate under the Security tab on the properties. Everything seems to be fine until we try to connect to the website via https. We ...more >>

OK, here's my dilemma: I have a site with a login script and the usual checking each time you hit a page that requires it. We have finally gotten an SSL cert and it is installed, but from here I am not sure of the best approach to get it implemented. If all of the files pertaining to the area...more >>

Hi, have a site on IIS 6.0 configured using IWA only, becaues that site will grab user's logon information to keep track it. people in same AD with IIS server logon fine with no issues. people in other AD (same domain tree, sibling domains) got 401 error. while those users in sibling domai...more >>

Not sure what caused this but I can get to the admin page to manage accounts but if I try to go to the site admin I am locked out? We were running the server in iis 5 isolation mode but we have corrected that problem and switched back to 6. Now I can not add users back to those accounts....more >>

I'm unable to administer to my sites with my administrator password. Definitely SP1 related is anyone else experiencing the same type issue? Here is the error: You are not authorized to view this page You do not have permission to view this directory or page using the credentials that you...more >>

I have SharePoint installed on Windows Server 2003. I'm accessing it form IE6 on a Windows XP computer logged into the same domain as the server. I'm attempting to configure it so that I don't get prompted for a username and password; however, nothing I do seems to work. I've tried integrated ...more >>

I have WebDav set up on a 2003 server and everything seems to be working fine. When a user opens a web folder he/she gets prompted to enter credentials and then can browse folders and subfolders that they have access to. The issue is that when they try to open a file like excel or word they...more >>

With security concerns that back door trojans can install zombie servers on systems, I am quite concerned that IIS components are installed on my XP home machine, particularly with this log file refering to "returned from France" [4/18/2005 18:52:28] LogFile Open. [***** Search on FAIL/Message...more >>

Setting up IIS 6.0 with Kerberos authentication on sites using domain accounts to run application pools has always caused me problems. I think this is because I never *really* understood what an SPN was and what it was for. Recently I did some reading and I think I've just about got it licked....more >>

Hi, My server was hacked over this weekend using the FSO exploit. It is sad that by uploading one simple asp file to one website in a server, hacker can access the whole machine, both drive C and drive D. Well I should have played around with the IUSR permissions not allowing it to access d...more >>

I recently upgraded our development application server with SP1 for Windows Server 2003 and the Web Services Enhancements 2.0 SP3. Now our developers receive "HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials" when they attempt to work on their VS.Net 2003 web ...more >>

I just downloaded the SelfSSL for the IIS 6.0 resource kit and ran the following command line: selfssl.exe /NCN=MySSL /K:1024 /Vv:7 /S:1 /P:443 I got a message that it was successful however when I go in to "Directory Security" for my in IIS, the "View Certificate" is grayed out. I also get...more >>

We know that the std IIS logs contain the return codes of 401, 402, etc., but we are interested in the URLScan logs that were present in IIS 5 and prior with the URLScan tool was setup. I am told not to run URLScan or IIS Lockdown on an IIS 6 box because that functionality is baked right in...more >>

Hi there. I've just installed UrlScan.dll and noticed that at the end of the log = that it is terminated. I have several questions: 1) What causes termination of a UrlScan.dll? 2) What should I do to prevent termination of UrlScan.dll in the future? Thanks....more >>

Hi, Been browsing for some information about how I should organize our Windows 2003 servers running IIS6. Whith organize I mean which folder structure we should use and to to make it secure. The structure I have atm looks like this: D:\Websites ..=2E. D:\Websites\domain1.com D:\Website...more >>

Hi, Recently our website crashed due to malicious activities by a stranger by using web spider software Teleport pro. Teleport Pro is the software that does this web capture activity, the client that was repeatedly hitting us every few seconds with the ‘web capture’ and ultimately cause...more >>

Hi, i'm new to Windows 2000 server administration. I just got a Windows 2000 server machine that acts as a webserver. I saw that the ACL is very dirty: the ASPNET, FTP and IUSR_ accounts have full control in too much directory. Well, i was looking for a good tutorial on how to clean the acl...more >>

I posted this in the Security General section also and was helped to a point but then asked to come here for better assistance. Here goes: Hello, I am getting this in my event viewer every now and then. The configuration information of the performance library "C:\WINDOWS\system32\inetsr...more >>

To Whom It May Concern: Problem: Windows XP tries to authenticate with IIS as IIS_Machinename\Username Where I'd like to get it to do it like Win2k used to do and authenticate with IIS as Domain\Username I recently migrated IIS from a domain controller where the way the WinXP machines ...more >>

Wondering if anyone has experienced this or may have some insight in to what happened. We discovered that production internet web-server (in a DMZ) stopped serving pages after a reboot (patches). We had installed the patches on test servers earlier in the day and not experienced any proble...more >>

Hi Sorry for the simplicity of this question but can anyone tell me how I can easily tell if the IIS lockdown Tool as been installed on a machine. I know it doesnt appear in Add/Remove programs. I also know Urlscan does appear there but URLscan may have not been installed. I have compared ...more >>

Hi guys, Our company has been required now to encrypt our e-mails and FTP transmissions by the new HIPPA regulations. I've been researching a few options like using PGP or MS Certificate server. I was wondering if some one out there could provide with some information about setting this ser...more >>

I have a perl cgi script on Windows 2003 server with IIS 6.0 that is calling prnport.vbs, prnmgr.vbs (supplied by microsoft that creates printer port and print queue on server) however IIS returns "cscript ... permission denied" error even after adding IUSR_<SERVER> user id to administrator l...more >>

Hi Ken, I had found my problem of those "HTTP and 404" and "The Page cannot be displayed". The problem due to those shared folder didn`t configure as a Web Shaing. Thanks for your advise for the past few days. I have a question to you. I had deleted my default web site and created a new one a...more >>

We have recently moved from Server 2000 to SBS 2003. In addition to the companyweb site, I also wanted to set up an intranet that housed a few functions and applications for our internal users that are html-based. I created a new web-site, etc. called home. If I type http://home in my bro...more >>

I need IIS to respond to HTTP requests on port 443 for different IPs on the same web server, with one IP set up to handle NON ssl traffic (http://), and the other set up with a certificate to handle SSL (https://) traffic. IIS 6.0 (using Win2K3 latest updates/patches) will NOT allow this. When...more >>

IIS > Default Web Site > Properties > Directory Security > Secure Communications > Server Certificate > In the Wizard's 2nd pane choose "Create a new certificate" ... In the 3rd pane, the choice "Send the request immediately to an online certification authority" is disabled. How to enab...more >>

Hi, i have this configuration: *) Windows 2000 server *) iis 5.0 *) pages html + page asp (no asp.net) *) 1 file as databse (access 2000) *) website and database are on the same computer the problem is: i have a web server where i need to update a databse only with an authenticated users. ...more >>

I understand the use of public/private keys for encrypting. Could someone explain to me how a second public/private key pair is used for signing? Thanks. ...more >>

I'm going in circles trying to figure this out without any luck. I disabled anonomous access and am using basic authentication (integrated unchecked as well). I have created a local user on the IIS 6.0 server and assigned this user NTFS permissions to directories in question. From the out...more >>