Hello, I am trying to tighten up security on my web server. I have created a new application pool with a domain user listed for the account. This account has also be given the following rights: a) put it into the IIS_WPG group on the server b) grant it: (i) Adjust memory quotas for a proc...more >>

Hi, This is probably going to sound like a stupid question, but I'm stumped. I am running IIS 6.0 on Windows 2003 Server. In the past, when our web developers needed to create or edit websites, I would simply sit with them, log on remotely and create any files, foldrs or virtual directori...more >>

I changed my IUSR password on my IIS 6.0 server My server now logs errors in the event log that the IUSR makes bad logon attempts. How can I change the password contained within IIS to be the same as my IUSR account password? I have downloaded the metabase explorer (I think I use this) ...more >>

Hi to all, i have a problem with iis 6.0 , if a try to load a stupid file txt within "Hello World" it's work , if i rename this file from .html to .tck (my personal estension) a HTTP 404 error appared ? Why ? The same in IIS 5.0 Working ... it's possible any securiy IIS 6.0 configuration...more >>

Hi, I'm stumped with an issue at work. I am trying to provide some of web/apps developers I work with the ability to create virtual directories and other IIS options without actually including them in the administrator group. I've tried everything from group policies to local account optio...more >>

Hi, I am doing development on a win2003 standard server with IIS installed. I also installed certificate server and was able to figure out how to create a certificate. I think I got it installed correctly on my default web site. However, when I browse to my app via https://localhost/myapp/de...more >>

As a reference to the post "Permission denied when writing to eventlog from global.asa" posted on 6/27/2005. Nobody seems to monitor that post anymore so I post a new one. We have an .asp-application running on a Win2003 SP1 with IIS that the user access using their IE-browser on their XP-c...more >>

Hi all, I want to install the osCommerce, but after successful installed, have some security on the files and directory setting need change by myself. but the user document from the official web site is write for UNIX base computer by using the chmod command, for Windows base server. how t...more >>

Hi I set via IIs on windows 2000 server sp4 an ftp site with one directory accessible. The permissions on this directory are full to everyone but, only users who have administrator's right can log on this ftp; when a user don't have administrator's rights, the error message is "login o...more >>

Hi there, I need some advice with IIS. Usually, we're running Apache, yet some apps need IIS. No problem so far, a Win2k3 Server is hosting these applications. Actually, one of the sites (located below the default website) is not accessible. The site requires anonymous access in order to d...more >>

I have a question about the Microsoft Index search, is it possible to do a special configuration for the search so that we can restrict the search into different folders within one website?...more >>

On one of the computers I have... I cannot go to the Google or Yahoo websites.... I get a message "soon" I think it is missing the right certificate... can anyone help me out please... I have installed firefox hoping that it will get fixed... did not work... Blue Bayoo ...more >>

Hi, I have an AD domain which hosts an application which uses IWA. All the users are from domains other than my domain and a trust exists between my domain and all the user domains. The IWA works fine for users on Windows 2000, Windows XP and clamped down Windows NT 4.0 workstations. It...more >>

Hi, I have set up a web site which runs off one of our internal web servers. Everything works fine when I try to access the site from within our network but unfortunately it doesn't work at all when I try to access it over the internet - I get "Cannot find server" error page. I have conf...more >>

hi, i have a problem in adding asp.net version in iis , as default my iis sets up asp.net version 1.1.4322 , but i need to set to 2.0.40607 . Manually i can do this operation set up by going to iis - properties - asp.net - asp.net version set to 2.0 version. But i ned a programatic solution...more >>

We have a server running IIS 6.0/ Solomon Business Portal/ Windows Server 2003. A particular domain user receives a prompt for username and password when entering an intranet site from her PC. User enters credentials, but username and password are rejected. User tries this from another PC...more >>

I am creating a web site in IIS (6.0 - windows 2003) using ADSI. how can i install SSL certificate and configure the site to require SSL communication? TIA. ...more >>

Hi, in regards to basic authentication for IIS 5.0. The local policy requires the group/users be added to logon locally, I tried to add a domain local group to the logon local policy I will not add it. Is this just for global groups and users? The example from microsofts web site use a "domai...more >>

I have an application running on the default Web instance in IIS. My question is that if I installed application on the default instance of IIS is there any security breaches or questions for concern by having it installed on the first default Web instance. I would think that by changing the...more >>

I've got a member server running Windows Server 2003 SP1 with IIS 6. I've installed WSUS and, like a lot of other people, the SelfUpdate tree isn't working. The log says "The remote server returned an error: (401) Unauthorized.". I've run Authentication & Access Control Diagnostics 1.0 and ...more >>

I have created 3 certificates with following commands: makecert -sk myselfkey -pe -r -n "CN=mycomputer authority" myself.cer -ss root -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 makecert -sk myserverkey -pe -n "CN=mycomputer server" my_server.cer -ic myself.c...more >>

I have been fighting this for a few days now, so any help would be appreciated!!!! I am using a Windows 2003 SP1 server to setup a new website that will require authentication. I have the only authentication for that web site set to be digest authentication. This machine is not a domain c...more >>

Hi, I am trying to restrict a simple html web page (no written security around it) to a subset of the domain users. In IIS, I have de-selected the Anonymous User and selected Win Integrated. For folder permissions where the html page is located, I have an Admin group and a User group. Th...more >>

Help please!! I have an asp page that generates an error with the statement: Set Com1= Server.CreateObject("COM.ComClsGetSysInfo") I keep getting the error: 'ASP 0178 : 80070005' Server.CreateObject Access Error The call to Server.CreateObject failed while checking permissions. Access...more >>

I tried self SSL (with /P:5005) with two different web sites on the same IP. first was 443, worked fine. then 5050, that worked fine, but broke the 443 site. reissues the 443 and then 443 worked but 5050 broke. the logs complain about unable to bind already taken. restared IIS betwteen....more >>

IIS6 ASP3 web application for configuring an ISA Server is configured to use Windows account X when accessed anonymously. ASP VBScript gets error 80070002 when calling the Connect function in the ISA Server Management API. Same script put into a VBS file succeeds when the user logge...more >>

A customer have a IIS 6 web server and even with IIS Write property DISABLED, an ASPX form can upload files to the server. The authentication is Anon (via IUSR_ user) and the IUSR_User have RWXD rights on the folder where the upload is stored. In the properties of the IIS folder where upl...more >>

Hi. I have a customer that until today passed his username / password using the URL (using basic authentication). After reading KB 834489 I see that this behavior is not supported any more. I dont understand what is the workarround described in KB 834489. I want to know if there is anoth...more >>

I'm porting several websites from IIS5 to IIS6. On IIS5, the sites all ran with parent paths allowed. To improve security, I plan on disabling parent paths on the IIS6 server. To help set up the new machine, I first *enabled* parent paths on IIS 6 by checking the "enable parent paths" box f...more >>

Does anyone know why a signed (and safe for initializing and scripting) ActiveX control wouldn't download (not even prompt to download) from an SSL enabled website? It prompts if website is accessed through http but nothing happens if going through https. The site is among Trusted sites. ...more >>

Hi, I am using an IIS 5.1 from Windows XP Pro. For a subdirectory a have only granted user "test" access (via Windows Explorer, to allow Windows Verification). Most users can just type the URL, fill in "test" and "password" in the dialogbox and browse the site. But others have to retype ...more >>

Hi, I have deployed a website on by Windows 2000 Adv Server (IIS 5.0), Eveything is working fine except when I try to access some files in the some subfolders with in the site, it throws "Page Cannot be Found" Error.. Any idea what could be causing this? and what is the solution for th...more >>

Hi all, I have an IIS6 site that will run ASP.NET that has a folder in which I need to explicitly block all possibility of code running or being downloaded (unsupervised novice web authors). In IIS5 this was easy using 404.dll. I'm aware of HttpForbiddenHandler but I'm not happy with the...more >>

Requing client certificates on the web server allows any client with certificate to make a call to web server. How can I configure IIS6 to accept only a handful of client certificates and silently drop others? Thanks. Raghu/.. ...more >>

I have noticed that when using a smart phone to connect to Exchange via Outlook Mobile Access OR Outlook Web Access via HTTPS, that when I enter the password, it takes about 5 seconds before the entry becomes masked, "********" Has anyone got any suggestions on what might be causing this and...more >>

Is it possible to use integrated windows authentication with the Safari browser? I have been able to get basic authentication to work, but the entire point of the site i am working on is to not have to type in any password or username at all. All authentication should be done behind the scenes u...more >>

Hi i'm trying to let users change password from webpage, but it doesn't work, i have followed the instructions from kb microsoft, but still not working, it says page not found can't find detailed instructions on how to let it work,someone have some tips? thanks ...more >>

Hello! Setting up a new web server to replace the old one, bought a new SSL certificate, and I was wondering if there's a way on the older IIS server to determine which pages are setup with encryption. We're talking about a site with thousands of pages, so I'm hoping there's some way runnin...more >>

I have a default web site on IIS 5 set up with a SSL Certificate issued by our in-house certificate authority. When "Require SSL certificate" is not checked the default web page "default.html" is returned via http://rs.domain.com If "require SSL certificate" is checked, a page "SSL required" is...more >>

Hello Expert I have hosted my web-site on the my server that having two network card, one connected to WAN and other connected LAN. Under IIS Manager created website its IP address is all unassigned so i should be able to view my web site from any location even from home. I tried to acc...more >>

Hi, > > Is it possible to implement in SSL in specific web page. Can you give > a details or example.. > Is really require separate virtual directory for secured and unsecured > pages. > > Thanks & Regards > Edayachandran.V ...more >>

Hi, I will be writting a web application that will accept certificates from clients. What I really need is to get the private key from the client and decrypt some data and display it. Clients that do not have the private key will not encrypted data. Is this possible? Can someone point me to t...more >>

I have no idea on security. I know I can access my webserver outside my network by my admin accounts and no other accounts via username and password. I know how to setup IIS and and maintain my server, but I know absolutely nothing about secuirty other than permissions. I could use some h...more >>

I'm slowly going crazy trying to get a 2003 web site with a specific application pool to use a different identity. I have done the following: Created a local user named web16\AppPoolSvc Made AppPoolSvc a member of the group IIS_WPG Provided NT file permissions Restarted IISAdmin service t...more >>

I just setup a windows server 2003 installation and website. Something has gone wrong with the security settings that I can't find. Anyone who tries to enter the public website is asked to enter UserID and Password. Which of my security settings is making this happen? How do I reset them ...more >>

Hi. We have a customer that open a ticket for us about a problem he is getting when "Enabled integrated security" option is checked in the internet explorer (server return http 400 - bad request). Our web application is configured as allow anonymouse + Integrated security. Our web site cons...more >>

Help!! I have an asp page that generates an excel file but with the statement: Set objExcel = Server.CreateObject("Excel.Application") I keep getting the error: 'ASP 0178 : 80070005' Server.CreateObject Access Error The call to Server.CreateObject failed while checking permissions. Ac...more >>

I have an IIS 6.0 application that I am accessing from IE6. When I set the IIS for "Basic" authentication everything works OK. When I try to use "Digest" authentication, the IE6 popos up the passwor box a number of times. The password box does not pop up at set spots in the processing of the f...more >>

hi guys i got a very strange problem here. i have a win2003 and iis6.0 server. i can run everthing smoothly from local machine. but as long as someone in the local network want to access the website in my computer. (like http://ipaddress/virtual directory name )it always asks for the user nam...more >>

My W2003 was previously a W2000 server. It keeps on using IWAM_<old machine name> instead of IWAM_<new machine name> even after reinstalling IIS. Is this normal behaviour? How to change? It's confusing. ...more >>