Hi. I'm moving an intranet based application from a Windows 2000 server (A) with IIS5 to a newer Windows 2003 server (B) with IIS6. When opening the application (located on B) with a Windows XP SP2 computer, Internet Explorer blocks an ActiveX-object on a crucial page claiming it contains uns...more >>

I am using a XP-Client, IIS6 on W2k3 as Server, connected to Tomcat as Servlet-Container. If I start my Servlet without IIS, it works fine, if I start it with IIS (localhost), then IIS shows the Login-Dialog - I have unchecked anonymous access and checked integrated windows authentication. I ...more >>

Dear everyone I have a webserver with Windows Advance server 2000 and IIS 5.0,I have a virtual directory on it with basic authentication,When I browse a file from this virtual directory with this command: "http://userName:PassWord@HostName/Path.../filename" if my O.S is Windows 98,20...more >>

We have an SQA machine set up to do testing of IIS hosted web applications. It is running Server 2003/SP1, and is joined to a domain, but not a domain controller. I need to delegate the following tasks to the SQA group, but would prefer not to give them full administrative rights on this ma...more >>

i get popups when ie isnt open. I installed an adware detection program from microsoft but it still happens....more >>

Hi, I have a Website running on IIS in a W2K Server that has a virtual directory to a network resource on a W2K3 DC. The W2K Server is part of the domain. In the MMC i have a red error icon, although i can access the resource and the resource files appear on the MMC. In the Virtual Direct...more >>

Hello! I have my web site running on Windows Server 2003 Standard with IIS 6.0. I have an executable file, support.exe, that I want to have accessible to my clients, but not to anyone else. I would like it to be available via http://www.mydomainname.com/support.exe so it is easy to downl...more >>

Hi, I have Windows 2K with IIS 5.0 and Frontpage Extentions. To get Frontpage Extentions to work right you have to give read, read, and execute permissions to your internet guest users. To make my question easy, I'll show you how my Security is setup on a web folder and then can someone explai...more >>

This sounds like a simple question, but I'm getting a little confused If I have page X as HTTP and post to page Y which is HTTPS, is the data sent encrypted? And vice versa, if page Y (HTTPS) posts to page X (HTTP). I generally have both pages (X and Y) in HTTPS, which sorts out my...more >>

Anyone know if it is possible to lock down the IIS 6 Manager interface? I need to have underprivileged users have the ability to manage IIS and nothing else on several servers in a web farm. Also any possibility of locking it down to read only access? Thanks, Brian ...more >>

My asp.net application works perfectly in IIS 5.0 with Windows 2000, but since its been deployed on Windows 2003 server with IIS 6.0 I have started getting following error on most of the pages "Compiler Error Message: BC31019: Unable to write to output file 'C:\WINDOWS\Microsoft.NET\Framew...more >>

Hi, i'm trying to get the "automatically detect settings" option in my internet explorer to work (you know, to get automatic proxy configuration form the webserver) i got as far as using the "use automatic configuration script" option with "http://wpad.my.domain.name/wpad.dat" filled in as...more >>

Hi! Im trying to get basic authentication work in IIS6. I have checked the basic auth box in settings and selected domain and realm but when i try to access the site I have to specify the username in the DOMAIN\USERNAME format or else I'm denied access. I've also tried this on an WinXP work...more >>

Hello, App pool crashes on W2K3 SP1 while running with Network Service identity. However it runs OK under local system account. We didn't face similar issue before SP1. Component services security for Network service has been adjusted, however it didn't help. I would be very grateful for ...more >>

I RECNENTLY STARTED RECEIVING A POP UP WANTING ME TO SUBSCRIBE TO A REGISTRY CLEANER PROGRAM IS THIS A LEGITIMATE PROGRAM FROM MICROSOFT OR IS IT SPAM PLEASE REPLY TO bjohanns@telus.net Bob Johannson...more >>

I had to restore an image to my boot drive. The restore has an IIS image before it had the IIS cert. Is there any way to install the ssl certificate I have? I tried to create a new pending request but I couldn't use my existing cert. I don't have a backup of the private and public keys. J...more >>

(1) How do I install (or require SSL) SSL on a web site? (2) Do I have to use a certificate? If yes, can I create my own? -- NuBee...more >>

I am a local administrator on a Windows Server 2003 system (SP1) and I cannot successfully logon to the Default Web Site. Permissions and Security for WWWRoot lists Administrators as Full Control. What am I missing?...more >>

Hi I have a problem with a wildcard SSL and I'm sure someone else must have come across this scenario and solved it. We have a wildcard SSL *.domain.com I have installed the SSL and if the website is called whatever.domain.com the client receives no errors and the SSL is established. ...more >>

Hi there, I use IIS6 on Server2003Standard with isapi-redirector to Tomcat 4.1.31 as servlet-engine. Everything works fine, ... but: every time, I call my servlet (even local or from a client) there are three entries in the IIS-Log, the first two of them with an error 401 Where are this erro...more >>

For a long time, I experienced random problems with Microsoft IE Web Controls. Most of the time, I managed to get the Tree View and Tab Strip to work again after they mysteriously stopped working. Unfortunately, IE Web Controls seems to have stopped working for good on my IIS 6.0 server. I tr...more >>

I get denied access, where can I allow PHP to write files? I get error messages when I try to fwrite, and I checked my php.ini file, there is a specific line to grant access to fwrite and fopen, does anyone know anything about this? -- ctrygstad --------------------------------------...more >>

Hi, The problem i'm seeing seems to exist only with the Default Web Site and Default App Pool. Earlier today, we installed MS Project Server 2003, and had Sharepoint extend the default Web Site. Since then our two ASPNET applications running, plus WSUS, have stopped working; throwing a .N...more >>

Hello! I really hope, you can help me: I have installed an ASP-application with exactly the same IIS-definitions on Win-XP and it works fine! I try to install the same ASP-application on Windows Server 2003 Standard / IIS6 I have created 3 separate virtual directorys: for the *.asp, for ...more >>

I am hosting a few websites on a win2003 server (fully patched) / IIS6. Each site has forms that when filled out use CDOSYS to email info to users inside the company. Everything works great. Are there any CDOSYS vulnerabilities that a spammer could use to take advantage of those forms to ...more >>

Hi, I am trying to use the remote workspace , remote access website of our network, but it seems as it can be accesed only from inside our local network, how can i make it work from outside? Our outlook webmail and OMA work fine from outside. Also a secondary website i have running on a diff...more >>

I have a newly built Win2003 server w/IIS6. The server is standalone and there is no AD. Users log onto client machines with credentials that match user/pass accounts on the Win2003 machine. Everything works fine, clients get access to shared win2003 resources as expected. However, when I sta...more >>

I have a web server running Windows 2003 with SP1. I need to use a client certificate to control the access to a path. Under Properties -> Directory Security -> Security Communications (Edit) of the folder, I checked Require secure channel and Require client certificates. Then I added a mappin...more >>

would someone please tell my how to set my encryption higher...more >>

Is there any ill effects of installing virus scanning on an IIS 6.0 website - is there any directories that should be excluded? ...more >>

Does anyone know of a security issue of using the root of a drive, for instance d:\, as the home directory of a virtual directory in IIS? I am proposing doing this for purposes of Remoting to save a lot of effort in configuring remoting objects. My company already has an established directory ...more >>

I am developing on two seperate laptops and I am posting my code to a hosting provider. My code works perfectly on laptop1 and on the hosting provider. The same code does not work on laptop2. On this laptop2 I am unable to create cookies, sessions or a ticket. I know cookies work on laptop2 ...more >>

Hi, We have a w2003 domain controller which also has IIS ans WSUS on it. Are there any security implications with this setup or do you think it's better if I install IIS and WSUS on a seperate server. Thanks Khizer ...more >>

I am writing an ASP page to edit a database. Ive done it many times in the past successfully and I am using copies of that successful code, so i wont worry about the db code or setup its fine. i can read no problem from the db's, but if i try to edit one i get... Microsoft OLE DB Provider for...more >>

G/Day Forum, We are working on complying with the Visa/MAsterCard Payment Card Industry Data Security Standard (PCI DSS). As part of this we need to imply the following controls on the storage of credit card data: to encrypt data at a folder level - that is all of the containing folders and...more >>

I am still trying to get all my spn's configured properly and seem to be missing something. The details of the event log are; "The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/vieon-sql2k5-01.vieon.net. The target name used was HTTP/VIEON-Sql2k5-01.vieon.net. ...more >>

I've read through all the SSL and Web Farm posts on microsoft.public.inetserver.iis.security and non of them seem to have the answer for me. Before I start I have read the following articles: http://support.microsoft.com/?id=313299 (how to setup SSL on webfarms) http://support.microsoft.com/?...more >>

I ran the command cscript adsutil.vbs set w3svc/NTAuthenticationProviders "Negotiate,NTLM" which is causing some services to not use Kerberos which is causing some other problems. I would like to find out how to remove this node as if I never ran the command. Thanks, Mike ...more >>

What was a "trivial occurrence" is now a cause for concern. We've been seeing increased activity which seem to be from Java based crawlers/spiders/scrapers. User agent is of the form: Java/[various versions] Is there a way to restrict/deny requests by a specific useragent on IIS 6 /W2K...more >>

I am attempting to secure a directory off a URL (ex. www.domain.com/dir1/members I have changed the NFTS permissions on the member (this is not a virutal) directory to remove my anonmyous user and added a user who has local login rights. When I attempt to access the URL, I am prompted for ...more >>

Is there a standard security template that comes with IIS to harden it? Anythin like securedc.inf? ...more >>

We are using WSUS as well. All of the updates since the WMF patches has caused some of our Windows 2000 systems to reset the user profile. For example, if my username is vehemeni, when the update finished it hang and did not reboot the machine and i had to manually reboot it. When i then logged...more >>

Hi All. Thanks in advance. I have two Domains, one "AM" and another "EU", I have a website hosted on a server on the domain "AM" called SERVER1, and the site called "Site1". I want thar users from "EU" domain can connect to the Site1, but using Integrated Security on the Site1. The p...more >>

Hello, I was wondering how I could implement pass through authentication. What I need is to be able to programmatically retrieve a users password so that I may pass that information along to another website. Request.ServerVariables("REMOTE_USER") will give me the username how can I get th...more >>

Hi I have two IIS Servers that are exhibiting the same behaviour one is IIS 5.0 (exchange) the other is IIS 6.0 (Sharepoint Services 2.0) My issues is that if I connect to either of these servers using anything other than the Netbios server name I get prompted for authentication. e.g. ...more >>

We have migrated from Exchange 5.5 to 2003, creating a new AD for the users and mailboxes. We have another server running IIS 5 that we controlled access to by setting up Windows authentication to the NT domain. We are now trying to link access to the user-id's in AD, to avoid keeping two id...more >>

Hi all, We want to control access to different sites with “IP address and domain name restrictions” in IIS6 (2003 SP1) but ran into proxy problems. The server is hosting a Citrix Webinterface 4.0 website and all traffic is routed via/through Citrix Secure Gateway that acts as a proxy,...more >>

I've got this really weird problem... I have two directories on my server with very similar apps. The index page of both, is a simple web form which submits some fields to an ASP script. This script checks our database, validates the information, and if it thinks the info is correct starts a...more >>

I was wondering if it is possible to block visitors coming from a particular website ? I want to be able to block via referrer links, if that is at all possible ? Thanks. Edwin...more >>

I am setting up an ASP web site on IIS 5. To handle authentication, I check Request.ServerVariable("AUTH_USER") and send a 401 Unauthorized response if no user is authenticated. When the login box pops up, I want to specify the default domain so that the user doesn't have to type in domain\use...more >>