I need a tutorial that shows me step-by-step how to set up my IIS so that it will be safe. I mean something like this http://www.windowsecurity.com/articles/Installing_Securing_IIS_Servers_Part1.html but for win2003. Since I am not an expert I fear that my server will be in danger without a...more >>

Hi, I would like to implement in an IIS more than one SSL certificates, for example one domain name is www.test.com and the other one is www.test2.com and both of them in to a server and there is only one IP address. Need I use more than one ip address or more ? if could we use more than one ssl...more >>

I have a website using Windows Authentication and Delegation to access a backend SQL Server. Everything works when I am on the LAN. When I try to access the website from home I get the Login failed for User NULL... I am using the same name to access when I am on the LAN as when I am at ho...more >>

In IIS6 I defined a custom error page. If I ask for a non existing page in an authenticated folder, it raises a 401.2 error instead of a 404 error. If I aski for a non xexisting page in an anonymous folder, the error page is correcly displayed. What could it be ? -- Patrice ...more >>

I have an ASP.NET site hosted on an SBS 2003 server. The server is a day old and no changes have been made to IIS with respect to user rights, etc. I have configured IIS_WPG to have the rights necessary to access what needs to be accessed on my site folder. I have set this up many times befor...more >>

I have an IIS 6.0 server that was configured with an SSL certificate. That server was moved into a different domain and I am now having trouble applying a new SSL certificate to this IIS server. The web server cannot seem to talk directly to the certificate server in the new domain. I g...more >>

I have a server2003 with IIS6.0 Thanks Bo ...more >>

Hi, I tried to enable SSL in IIS 6.0 and secure the tsweb connection with it. I create a enterprise CA, make a cert request, approve the request, and install the cert in the "Default Website" node under IIS Management. The default "https://localhost" works fine. But for some reason, the "...more >>

This is really driving me nuts. I have a local website on my PC that I use to run certain bits of software for my company. For example, a tutorial MPG file: Pre-SP2 (IE 6 and FF): Open http://localhost/ Click on file I want, and it runs. File shown as 'file:///D:/Work/Help.mpg'. Post-SP2...more >>

Im normally from a unix environment, but have to do some security testing on an all windows network. Can anyone recommend any free tools for security testing? I can hapily take nessus and nmap with me, but it would be nice to have tools that are specific to windows services. ...more >>

Hello there, How can I install an SSL service for a Web Site on port 81? That is, I have two sites on my server, so same IP but port 80 and 81. I want a subdir of site in 81 under https. Everything works if the the site under https is on port 80 (as often happen) but this time I have to...more >>

From time to time we don't get any response from IIS on our 'stand alone' Win2003 Web Server, which is running WEB services. It's strange because there are no errors or other problems, web services just don't respond, so the only way to solve this is to reset IIS (iis reset). After that all is...more >>

Hello! I have a website running on IIS 6.0. The website points to some perl files for submissions. The perl files are located in cgi-bin directory. Here is the problem. When I click on request button, the browser tells me file not found. I enable directory browsing and when I open the ...more >>

I have to reset the security permissions for the C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322 folder on one of my web servers frequently. The machine\aspnet accounts keeps disappearing from the security permission. I’ve even rerun aspnet_regiis a few times but nothing seems to stick. The e...more >>

Hi Gurus Can anyone advise on the steps needed to safely lock down IIS on a Windows 2003 donain controller. I know IIS lockdown is not needed on Windows 2003 IIS and I know I need to still run URLScan 2.5 but I was wondering if there are any other best practices that I should carry out. ...more >>

I've got a problem! My web-game (http://battles.interstellar-war.com) is being plagued by a particularly annoying user. He creates multiple accounts and uses them to harass other players. Each time I ban one of his accounts, he creates a new one. I've tried blocking his IP address, but that'...more >>

Hi, The Application Log of Eventviewer has multiple messages about Active Server Pages stopping and starting. The stop messages are as follows: Source: Active Server Pages Event ID: 4 Description: Service stopped. The start messages are as follows: Source: Active Server Pages Event...more >>

Hi, I'd like to setup IIS so that when users go to the urls: http://www.webserver.com http://webserver.com http://webserver.com/* it automatically forces them to SSL, i.e.: https://www.webserver.com It'd be nice if this was done without a redirect script and was a function/featu...more >>

I have a SBS 2003 running IIS 6.0. Website is running fine. In a website I have a section where I can fill out blanks and hit submit and all info is emailed to me. The file that is called on submit is:"FormMail.pl". Currently the file is located in the CGI-BIN directory in IIS. Problem is ...more >>

Multiple SSL Sites [one] IP I am looking into a method of hosting multiple SSL Enabled CMS Type Sites (I.E. Mambo Server for example or even PHPBB, for all whom may wonder). The issue is this; I am under [one] public IP Address. Although IIS will allow me to host as many sites as my se...more >>

Hi, I'm running an asp.net application on IIS (Windows XP pro, dev machine). The app must call an exe in order to run an API, but in the doc it says we must redirect to the .exe, but IIS asks me for my credentials every time (username/password) even if I don't have any authentication enab...more >>

Hi All, Looking for advice on the advisability of putting HTTP and HTTPS sites on same physical server where the certificate is associated. Obviously HTTPS addresses transfer of data rather than site/server security however it wold be great to get an authoritative view on this. Must admit ...more >>