According to a white paper entitled MS Incident Response Plan, MS states that you should never load IIS on a domain controller. Does anyone have any experience with a fully updated windows 2003 server and a fully updated IIS install having security problems? Thanks, -- P Cully...more >>

Hi, In short my problem is securing static pages, so that unauthorized (anonymous) people doesn't get access to these files. You'll find a detailed description below. I have a websolution that is made in Dotnet 2.0. The solution send the user to a correct module based on the users credentia...more >>

Does anyone know the method and strength IIS encrypts the anonymousUserName password in the metabase.xml? Thanks!...more >>

Hi, How are you all? I need information regarding SSL using IIS5.0 Server. I got the CA certificate and i want to setup the SSL connection to my Virtual Directory. Please note that if i assign this certificate to the Web Site then it's enabling the Virtual Directory's "Server Certificate" ...more >>

Hi We have 2 ftp servers in seperate DMZs in different parts of the country both running W2003 Server and IIS running with users isolated using local accounts and individual ftp sites - has to be this way due to the nature of our business and also the files get copied to remote sites aroun...more >>

I am trying to use the Novell NetDrive freeware to connect to an IIS 6.0 WebDAV directory. I tried to copy a file to the server, and got an "error" saying that the server did not support long file names. Is there a security setting on the Windows 2003 server that could make this happen? Thank...more >>

Hi, I was wondering if anyone at Microsoft is able to confirm the defacement of Microsoft France as well as other websites running IIS 6.0 as described at http://www.zone-h.org/content/view/4767/31/ and http://isc.sans.org/diary.php?storyid=1429 If the defacement was real, has it been de...more >>

Hi all, I was wondering why do we need to harden Windows server 2003 by applying rules like: 1.Remove any unneeded Services 2.Close unneeded ports 3.Rename Administrator account 4.Prevent users from installing printer drivers 5.Restrict CD-ROM and floppy access to locally logged-on user o...more >>

Hi, I have SBS2003. I would expose exchange web in internert and intranet. For intranet I would secure with IP filter. For internet I would secure witch client certificate. Now can I combine this methods? That is a person in my intranet that haven't the certificate can access , because the I...more >>

I would like to configure SSL for OWA as well as for Outlook clients using RPC-over-HTTP, so i installed Certificate Services (in Add/Remove windows components), then in IIS I went to the default web site, under server certificate i selected 'Assign an existing certificate' and used the new ...more >>

Does anyone know the pros & cons of having public servers in a workgroup vs in a domain? My situation is I have a couple Win2003 IIS servers, a SQL server, and a document mgmt server (SQL + doc storage) that's also an Active Directory DC. The latter is used for LDAP validation of user logons. ...more >>

Hello All, i was wondering if there exists some way to disable all system stored procedures, as they are vulnerable to attacks specially if they r not needed within any of my applications. something like, xp_cmdshell may cause attacks. i need ur help plz and will appreciate ur response and su...more >>