all groups > iis security > april 2006


.exe file downloads return 404 in IIS6.0
Posted by Neil Barras at 4/28/2006 9:41:25 PM
Hi all, I set up an IIS6.0 server and have some downloads that are executable files. When I try to download them using both IE and FireFox, it returns a http404. I thought I had found a solution online http://blogs.msdn.com/david.wang/archive/2005/07/11/Allow_file_downloads_on_IIS_6.aspx, ...

Multiple virtual SSL sites on 1 IIS6 server
Posted by Troy at 4/28/2006 9:11:01 PM
I host several virtual web sites on an IIS6 server utilizing the host header record for differentiating each site. I currently have 1 SSL site on this server but would like to configure a few more. I did some web searching and if I was understanding everything correctly, you can do this but ...

IIS 6.0 Hide Domain Name during Authentication
Posted by Chris at 4/28/2006 9:47:01 AM
Hello, I am in the process of deploying out SQL Reporting Services. Is there a way that I can hide the domain name or the server name when the popup box appears during authentication?...

Windows 2003 R2 and WSE 3.0 Kerberos issue
Posted by Niels Flensted-Jensen at 4/28/2006 6:52:02 AM
Running a Windows 2003 R2 Standard configured as a domain controller (the machine will be used as a stand alone demo machine) Working the Kerberos sample in %Program Files%Microsoft WSE\v3.0\Samples\CS\QuickStart\Security\WSSecurityKerberos\Policy It works fine with the service hosted by I...

Access Databases & IIS 6.0
Posted by Gary at 4/28/2006 5:58:01 AM
Hello, I administer a Windows Server 2003 running IIS 6. I also administer multiple web sites that are hosted on this server. One of the end-users maintains some Access databases that are contained in one of the virtual webs. He gets the following error message from time to time: Unable ...

Port 80 still works after "Require secure channel (SSL)"
Posted by Shifarad at 4/28/2006 4:51:01 AM
Hi all, After I locked down a Win2003 Server I installed a certificate, checked the "Require secure channel (SSL)", but I can still log on to this web application over http. https is working also fine. Any Ideas? Thanks, Shif ...

2 Websites with SSL - wrong certificates displaying for second sit
Posted by Jennifer at 4/27/2006 9:26:02 AM
We are running win 2K and IIS. We have 2 websites configured on the same box, each running on different IP addresses. There are subdomains pointing to each of the IP addresses. We turned on SSL and have 2 different certificates for each site (running on 2 different IP addresses). Everythin...

enable smart card authentication on iis with php
Posted by Wayne at 4/26/2006 10:02:51 PM
I have a website on an intranet that uses php and all of our users utilize smart cards for login to active directory. Can someone point me to something that shows how to implement smart card authentication on iis/php? Right now, the php page queries for the username/password and checks against...



IIS IP and domain name restrictions - automated access denial
Posted by ChrisH at 4/26/2006 8:01:01 PM
Hello I've had some issues with IP addresses appearing to be automatically added to IP address restrictions (at the 'web sites' level) and being denied access on an exchange front end server. This is affecting OWA users as it prevents access to their email. Does anyone have any suggesti...

Multiple Websites on Multiple IP address with certificates [SSL]
Posted by Jennifer at 4/26/2006 4:33:01 PM
We are running win 2K and IIS. We have 2 websites configured, each running on different IP addresses. There are subdomains pointing to each of the IP addresses. We turned on SSL and have 2 different certificates for each site (running on 2 different IP addresses). Everything seems to be w...

Remote administration security group.....
Posted by CB at 4/26/2006 11:20:01 AM
We have single server that we are using for development, and have invited some 3rd party developers to create some aspnet content on the server. They have requested Terminal Services Login (remote desktop). WHAT is the minimal security group or Best Practice for giving outside users such permi...

File permissions vary based on access method problem
Posted by Daniel Stratton at 4/26/2006 5:29:03 AM
I'm currently maintaining an intranet ASP based product for a small business, and I have run into an odd problem. I have a directory which is full of documents that need to be accessed via a central website, both internally from the office, and externally from home. The data sits on the se...

Strange issue with Integrated authentication and 3G
Posted by Sunny at 4/25/2006 2:13:18 PM
Hi All, (I am hoping for some inspiration here) We have a problem which has appeared in the past few weeks where our laptop users remotely connect with XP SP1 and SP2 laptops to Windows 2003 SP1 AD network using Cisco VPN client. Transport is one of: 1) modem PSTN connection 2) broadband...

scripts only runs when AppPool Identity = LocalSystem
Posted by John C at 4/25/2006 1:03:01 PM
Our dev team is in the midst of a code migration from old ASP to PHP. In the process of migration, we need an ASP form to run a php-win command in the background. This works fine if the AppPool identity is LocalSystem, but the php-win quietly does nothing if I set AppPool identity to NetworkSe...

integrated authentication only work when I use ip address
Posted by zolar25 NO[at]SPAM gmail.com at 4/25/2006 7:30:41 AM
I have a problem with accessing a sharepoint web site using integrated authentication. If I use http://ip address it works fine. If I add an entry to the host file of the client machine ip address sitename it works fine. But if I try to access it via http://servername or http://servername.domai...

Problems with IIS 5 default domain
Posted by davelj at 4/21/2006 8:02:01 AM
I have a W2000 server running IIS 5 for my local intranet and a help desk website. We use basic authentication and I have set the default domain to my local domain name. When a user attempts to login the login is rejected unless the user enters his login as domain\username. When the user only ...

IE prompts for username password when saving excel file opened in
Posted by dave at 4/20/2006 9:11:01 PM
Hi all, I'm having a problem with IIS server. I've got a collection of excel spreadsheets and word documents available on a website. The files are for viewing only (i.e., read only). When I click on a link to download a word file it prompts me whether I want to save it or open it. If I save...

IIS auth. problem with 2003 SP1
Posted by Jan Nielsen at 4/20/2006 1:18:52 PM
On a 2003 stand alone server I'm running Citrix webinterface on top of the IIS. This web interface implements its own authentication for regular users, and as such IIS sees user sessions as anonymous. But a subdirectory of the IIS allows for administration of the web interface, and because...

Active Directory check with login details on DB
Posted by Jono Jones at 4/20/2006 9:09:03 AM
Hi there, We have 500 users on our network. I'm writing a web system (asp.net) where you can create a user and give them access to various sections of the site. To create a user you select an existing Active Directory user and just attach their permissions (to see different web pages/opti...

Integrated windows authentication problems
Posted by warhen at 4/19/2006 8:23:01 PM
Hi. I was wondering if anyone has any insight to the following problem. I use a DNS connection service to run public websites from my home computer. Recently I created a website that uses Integrated Windows Authentication for access. I created the virtual directory in IIS 5.1 and gave all the r...

Access denied logging to event log on Windows Server 2003
Posted by Matt Adamson at 4/19/2006 1:22:17 PM
We're using the microsoft exception management application block to log .NET exceptions from an ASP application to the event log. However on Windows Server 2003 we're getting an access denied error which is outlined below. As per other recommendations I've done the following 1) Made sure t...

default scripts and manuals
Posted by Kevin1aB at 4/19/2006 11:13:02 AM
Hello, I have a LAN 2003 server running IIS for WSUS and DeskNow WebMessenger jabber server. No public exposure for the IIS. On a recent security audit by outside consultant, they recommended the following: .... the default scripts and manual pages are installed and should be removed fro...

Certificates on .local domain
Posted by Juha Kalliola at 4/18/2006 9:05:03 AM
Hi, we are using SBS2003 with outlook web access and active sync. I have been trying to make working certificate with more or less success. How should it be made. Our sbs domain is with suffix .local. We have a public IP address for our server. I can connect to OWA with public IP address....

kb917072 on Http.sys cookie problem
Posted by Dinis Cruz at 4/17/2006 3:02:44 PM
quick question on the recent KB article "An ASP.NET page is stored in the HTTP.sys kernel cache in IIS 6.0 when the ASP.NET page generates an HTTP header that contains a Set-Cookie response" (http://support.microsoft.com/kb/917072) Does this affect Forms Authentication Cookies? Dinis Cruz ...

Problem Configure my Web Site to Use SSL
Posted by thecoolone at 4/17/2006 10:47:42 AM
I want my site to use SSL, so I followed the following instructions posted on the http://support.microsoft.com/kb/324069/ 1. Log on to the Web server computer as an administrator. 2. Click Start, point to Settings, and then click Control Panel. 3. Double-click Administrative Tools, and then do...

New Virus or Something
Posted by Fred Yarbrough at 4/17/2006 9:08:48 AM
We have had 3 separate Windows 2000 servers running IIS come down with something. This started about 2 weeks ago and it has the following symptoms. The server is very slow to login to. Once up, if you go to the Event Viewer you can see entries but cannot go into an entry to view the details ...

HTTP Link to .xls file returns 404 - IIS 6
Posted by Robert at 4/17/2006 8:32:02 AM
I have IIS 6.0 on Windows 2003 Standard Edition. I have an html page that links to an Excel file on a virtual directory, but when I click on the link, it returns a 404 error. I know there were some new security measures in IIS 6 that caused this, but have not been able to find out how to c...

Cross Site authentication ?
Posted by E-Double at 4/17/2006 5:44:01 AM
What is the best way to set-up cross site authentication ? Ideally we would like users who have authenticated into a secure section of one (local) site to be able to click on a link and somehow pass the authentication credentials to another (remote, not on same domain) site without prompting t...

IUSR Account Question
Posted by Michael Kujawa at 4/14/2006 6:24:36 PM
Can I have more than one IUSR_ account per site If the main site has the default account can I specify a different one for a folder in the site and still maintain the default for the rest of the site? ...

log in problem to a link
Posted by h gregorian at 4/14/2006 12:11:02 PM
Our apps developers created a website with a link for comments. When users click on the link to enter comments it asks them to enter username, password and domain name. I checked the settings for this page and the windows authentication is selected (I should mention that this website is inter...

Radius with IAS
Posted by randy.ling NO[at]SPAM arktech.com.tw at 4/13/2006 7:46:35 PM
Dear Sir, Can anyone help me on this topic. 1. How secure is Internet Authentication Service (IAS) that support Remote Authentication Dial-In User Service(RADIUS)? 2. Advantage & disadvantage of IAS&RADIUS compare with DMZ? I really appreciate your help and time Thank you so much ...

Err.Number 5232, Err.Description = Word did not save the document.
Posted by Gemma M at 4/13/2006 1:05:24 PM
Hi all, I have a Web site, on the server side, a Word compatible document is created. On the client side, an instance of Word opens this document, applies some headers and footers, and attempts a Save-As. However, I get the above error on the following call : Call doc.SaveAs(docName,...

Certificate By Multiple names
Posted by mackdaddy315 at 4/13/2006 9:31:41 AM
I have a certificate set on one of my servers set as issued to something like myserver.local which works fine. But when I go to the site by another name it is known by (ie othername.local ) I get the security warning that the cert was registered under the other name. Is there a way to have the ...

ftp users
Posted by Bad Beagle at 4/13/2006 9:13:01 AM
I have a windows 2003 stand alone iis server that has a ftp server running. I have 2 virtual directories that are on other servers. I am trying to setup an ftp user so that they can access these virtual directories. What I have already created a user on both servers so it does passthrough ...

FTP Admin Attack
Posted by kpg at 4/13/2006 7:05:00 AM
Hi, I'm hosting an Anonymous FTP server (read only) on IIS 5.0 I often get attacks lasting about 20 minutes of a user attempting to login as Administrator. I have a strong Administrator password so it always fails, but at first, the event log would fill up with Security Audit Failures, so...

IIS 6.0 SSL problem
Posted by Joshua Bright at 4/13/2006 6:08:02 AM
Environment: Windows 2003 SP1 Exchange 2003 SP2 Problem: I'm trying to install a SSL certificate for OWA (default site). I've used SelfSSL out of the IIS Resource Kit. I installed the certificate through the CLI, and went to edit the options under the Directory Security Tab in the ...

ftp brute force.
Posted by Henok Girma at 4/12/2006 12:41:06 PM
Is there a way to stop a brute force attack on IIS 5.0, my log file shows a lot of attempts to login as Admin on my FTP site.. ...

How to provide IIS to Developers
Posted by SwatSoftwareDev at 4/12/2006 12:00:00 AM
Hi all, I am managing local network of about 10 systems. All the system are used by .Net Developers. They all require IIS for developing & testing web applications. What I have to do is to give them administrator permissions. Because below that don't work. And when developers debug their appli...

PORT 80 ALWAYS IS CLOSED.
Posted by marmenboy at 4/11/2006 1:09:01 PM
Hello everyone, How are you? Strangely I have the problem with closed port 80. I read many problems about opened port 80 but not like mine port 80 always is closed. My web server with Win 2003 enterprise worked fine for more than 2 years and suddenly last 10 days my web pages do not sh...

ADODB.Stream error '800a0bbc'
Posted by Matt at 4/11/2006 9:46:02 AM
ADODB.Stream error '800a0bbc' Write to file failed. I know this usually means I don't have the correct user access setup on the directory I am trying to write to, but I have added "everyone" w/ full permission and it still doesn't work. I'm wondering if there is something wrong w/ IIS a...

Question: Security concerns enabling iisadmpwd for PWD change?
Posted by Bluehades at 4/11/2006 8:47:02 AM
Hello's We are in the process of evaluating whether to enable password change via IIS on our Intranet site which is accessible to the outside world after presenting valid Domain credentials. What security concerns should I be aware of by turning on the Enable password change property in the ...

SSL redirects to other SSL
Posted by Ben at 4/11/2006 2:51:02 AM
Hi, I have a server having the HTTPS or SSL but I like to redirect it to other SSL/HTTPS in other servers. Is there a way to do it in IIS in windows 2000 server? regards, IIS help...

Self signed standalone CA gives: "Windows does not have enough information to verify this certificate"
Posted by Lars Bonnesen at 4/10/2006 5:10:28 PM
I have set up a website with SSL on machine "A" and requested a certificate - Installed Stand alone CA on machine "B" and invoked the certificate on this and imported that to machine "A". It works, but clients cannot accept the certificate. They get a "Windows does not have enough informatio...

IIS using old SSL Certificate
Posted by James at 4/10/2006 1:36:02 PM
We have requested and installed a new public certificate for this server however when a page is requested the old certificate is offered. This gives a warning pop-up that the certificate has expired. According to the IIS Administration Snap-in the correct certificate is installed. Why this ...

IUSR problem
Posted by Linda at 4/10/2006 12:41:48 PM
We are using a Win 2003 server, running IIS 6.0. We have company blogs on this server, using Movable Type. We are trying to restrict access to some of our Blogs by password-protecting them at the server level. However, we have found if we take the IUSR_Webservices user off the list, the Blogs d...

disabling ssl v2.0
Posted by mike at 4/10/2006 12:30:01 PM
I have implemented MS Article ID 187498 to do this. However, when we run open ssl against our win2003 IIS server to check that the change is made it detects 2.0 as still enabled. Has anyone had this issue? Is there another process specifically for IIS 6? I'd appreciate any info. Thnx ...

One-way trust, Kerberos & IIS
Posted by Jim at 4/10/2006 1:49:02 AM
Hi, I have the following configuration Two Active Directory Domains in two separate forests. Domain A Windows 2000 Domain B Windows 2003 I have a one-way trust between them such that B trusts A I have a web application running on a Windows Server 2003 installation using IIS in Do...

server security testing apps
Posted by tomrue at 4/9/2006 10:07:49 AM
Can anyone recommend any programs (freeware preferred, but not necessarily) for testing one's own server for security holes - particularly with respect to permissions, but also more generally? Thanks. ...

Any third-party tool to deny IP on IIS 5?
Posted by Alexey Smirnov at 4/7/2006 4:28:20 PM
Is there any good tool to block IPs on IIS 5 on multiple sites at the same time? I know that I can use WWW Services Master Properties to deny IP on all sites, I don't like it very much because I cannot paste IP into list, without typing it manually. Thanks! ...

XMLHTTP no longer works after updates
Posted by Lewis at 4/7/2006 10:49:02 AM
We recently installed some updates on our Windows 2000 server machine. It is running IIS 5.0. Ever since we did, one of our web pages no longer works. Here is a snippet of the code that no longer works: Function GetHTML(strURL) Dim objXMLHTTP, strReturn Set objXMLHTTP = Server.Create...

