I have a web server (2K3) sitting inside the DMZ which accesses data inside the domain via the firewall. All the data, including the web site, resides on the data server and is an in-house application. The executables runs on the web server and fetches the data the customer requests. We have t...more >>

The IE team has announced that IE 7 will put warning messages on Basic Authentication username/password prompts. So, I'm trying to get Digest Authentication set up as an alternative to Basic Authentication. I'm finding that IIS is rejecting Authorization: Digest headers from Firefox, but ac...more >>

Hello folks! I have a Windows 2000 server with IIS 5.0. I need to install/import an SSL certificate into one of the sites. The problem is, when I click on a site, right-click to open Properties, select the Directory Security tab, then click the Server Certificates... button, IIS Manager ...more >>

I am using Windows 2003 Server and IIS 6. The website set up as Windows Authentication. Is there a way I can only allow few users (managers) in my company to access Website via Windows Authentication? All other company users will be dennied access? Thanks, JimmyChang...more >>

Hello Here is a strange one. I have and asp 2.0 web site hosted on ServerA that uses windows authentication. When I acces the site from a local pc everything works the way taht it should. If I access the site from a browser running on the server that is hosting it I get the windows logo...more >>

Could anyone point me in the direction of a knowledge base or good book that will help in understanding suspicious looking entries in the logs? I use iis 5, fully patched, anti-virus installed, updated daily and scanned daily. For example, GET /webcalendar/tools/send_reminders.php cmd.dat?...more >>

I have installed IIS manager on a central machine and made an MMC with IIS for several web servers. It connects and shows me everything including websites. On some servers, when I click on a website it says "This site cannot be started because another site running on this computer is already...more >>

Guys I've been informed today that one of my websites (at work) is allowing CSS. Apart from Sp'ing and HF'ing the server is there a IIS security tool I can install on Server 2003 that will prevent all known forms of attacks on the box, such as a security roll up tool that used to exist for ...more >>

I'm working on a C#.Net Web application involving a third party dll. Because they use SoftLock in that dll, the Web app cannot access that dll at runtime, and they told me to make "ASPNET" as a member of the Administrator Group. That fixed the problem, but is that too risky? What might be the ...more >>

I want to allow an IIS admin to do everything IIS but not be an admin on the server. I will have them use MMC on a remote computer and open IIS. That part works when they are in the admins group...looking to make that be a much smaller group. This site has some directions that don't qui...more >>

Hello; I'm trying to set up a web app that accesses a SQL database on a second server. I want to use integrated security and have set the computer account as trusted for delegation. I know I need to use setspn to tell Active Directory that there is an authorized instance of a service of c...more >>

I moved web server (from Server 2003 Standard to Server 2003 Web Edition). I noticed that permissions hasve changed some under IIS. My asp page uses FileSystemObject to write file. My old server, this worked fine. I have verified that WRITE permission is enabled under IIS. But, Under PERMI...more >>

What problems would be caused if the IISADMPWD page is accessed via Anonymous access to the pages to the Internet? What kind of vulnerability would Active Directory be in should this be configured this way? We need a way for users who are on the road all the time and never come to the offic...more >>