I have a web app that I wish to limit execution access to a universal security group during beta test... I've tried restricting permissions using ntfs, the virtual directory and the net.config file (which I assume will not work as this is not a vb.net app). So far, access is still univers...more >>

I am a complete novice who is trying to set up IIS on Win2k Server to do some testing. I have created a test page named index.html and put it in wwwroot. The machine name is TestServer. When I enter http://testserver in IE on TestServer I get the error "You are not authorized to view this page"....more >>

Hello, I have an IP leak problem running IIS 6.0 on W2K3 SP1. I have followed recomendations in KB218180 and KB834141 and configured SetHostName so that my websites do not return internal IP addresses. I have also configured host headers for my websites. But, my server still returns ...more >>

Hi folks, I was digging around the default permission for "network service" user and got myself quite confused. In the servers I've checked the default ACL permission on any new folder for this user is "Read & Execute","List folder contents" and "Read". However when I check the NTFS per...more >>

hi there, this has got to be a complete noob questions but it is driving me insane. I have a win2k3 server box and winxp box on a network - very simple setup. win2k3 is dc, dhcp, dns, iis and winxp is client on this domain. everytime i attempt to view webpage on server from ie on client, it...more >>

I am planning to host mulitple web site's on a single server with each web site/applicaiton being assigned a seperate applicaiton pool. For secutiry and auditing reasons I would like to assign each applicaiton pool a specific identity to for the worker process's to run under. 2 questions -...more >>

Hi, I've got a WSUS server, which has been working fine for nearly a year. For some reason, in the past month or 2, when I try to manage the WSUS service from the web console, using the server name (https://wsuserver/WSUSadmin) I get an authentication error. The authentication box pops up, ...more >>

Hi all, I have an ASP page on a Win2003 IIS6 server attempting to write a text file via a virtual directory setup to point to a UNC share on another Win2003 server. When the code attempts to create the text file, I get a 8007052e error - bad username or password essentially. Both servers a...more >>

Hi, I setup a CA server on Server 2003 (active Directory) with exchange. When I access exchange through Outlook from home, I get the error "The server you are connected to is using a security certificate that could not be verified and certificate's CN name does not match the passed value" ...more >>

Hello, I have created a web service name "TestWS" using VS.NET 2 and published it to my SBS2003 server that uses IIS6 as a web server. I have set NO anonymous access to TestWS virtual directory and I have created a simple user account from the User template with the name of "MyUser". Pr...more >>

I'm the web dev for a 200 person company, everything herein is in our corporate domain. We use Kerberos authentication - the domain controler is a win2k server. In short I have an Intranet server (win2k) hosting a .net 2 application and a test server (win2k) hosting a classic asp page. Both...more >>

Greetings, I have an asp page that allows me to start and stop services on my windows 2000 server and run some batch files as well. Now that we are upgrading to windows 2003 this page is not working. I have changed the security parameters on IIS 6.0 but still I cant run my batch (I am using...more >>

Sometimes we got an error (Not enough storage is available to complete this operation) from one of our servers which on win2000 sp 4 iis5.0 (all hotfix installed) sql server sp4. mdac 2.81. It occures random and we could not find the error reason. When the error occured the server cpu or mem or I...more >>

Hi I started to get this error after I inserted tables into my index.htm page. I have a small form (username/password) that runs to a small .asp page which then redirect based on information provided. I read a couple of post regarding this situation and it talks about installing a perl CGI sc...more >>

I need to be able to access AD to authenticate users coming to a .NET application running on an IIS which is in the DMZ... Here are the details: My .NET app resides on a Win 2003 Server with IIS6 in the DMZ of the firewall Win 2000 AD tree can be accessed through a dedicated server via IP...more >>

I have a website on Windows 2000 server with only IWA enabled. I can log into the site just fine, but if I type a bad password I get an HTTP 500 error. I can't figure out why I'm not reprompted for the password at least another time or two. I turned off "friendly errors" in IE and I now get ...more >>

Our web servers run IIS5 and we also make use of the Microsoft URL Scan utility: (http://www.microsoft.com/technet/security/tools/urlscan.mspx). By default Microsoft's URL scan utility blocks a number HTTP Methods including "HEAD". We have a number of clients concerned that blocking the HE...more >>

I know you can suppress the ftp banner in IIS 6.0 - but how do you suppress the http banner from displaying the web version? I was able to do it back in IIS 5, but it no longer works in IIS 6.0 (W2K3 SP1). We usually get written up about this during Security Assessments but the security vendo...more >>

This applies to IIS 6.0 with all current service packs at the time of this post. If you set the file permissions for any default page in a directory they will be overridden by directory permissions if the web request does not include the file name. www.abc.com/mydirectory/ Will use direc...more >>

Folks, I have 3 url's webmail.a.com, webmail.b.com and webmail.c.com pointing to a single public IP. I also have 2 OWA FE servers doing NLB with a single default website. We would like to purchase an SSL from Thawte and they told us that we need 3 public IP's an public IP per domain name. Als...more >>

When user installs certificate, he is able to access the secure website. But after he reboots, the certificate is no longer present. What can i do or look for to resolve this? Your help is much appreciated. Ken ...more >>

Hi, My Setup Server A is a W2003 server provinding sharepoint services. Using ssl 128 bit ssl. Server B is my mail server providing 128bit ssl owa. When Uses connect (externally) to server a they logon as expected but if they cllick on a hyperlink to Server b OWA services they are propmeted...more >>

Hi, I have an intranet site that is set up using ssl 128bit encryption (using my own certificate server- windows 2003 server (so thats iis 6.0) The name i used set for the 'issued to' part is its fqdn (intranet.domain.co.uk) when using the FQDN (https://intranet.domain.co.uk) it works ...more >>

Will installing Urlscan on IIS 4 & IIS 5 servers protect them from Trace/Track vulnerabilities by default or do I need to configure Urlscan to do this? Thanks!...more >>

I have a new Windows 2003 server with IIS. I have set up the default web page with anonymous access. Everything works fine for a day, but something happens overnight and my anonymous access quits working. When I try accessing the site, I am asked for the user id, password, and domain. If I...more >>

I'm trying to install MySQL on a Windows 2003 server. But port 3306 doesn't seem to be open. When I give the netstat -an command, I don't get any information about port 3306 There is no firewall running on the machine. So I'm assuming that port 3306 is being blocked by IIS 6. Can anyone g...more >>

We have replicated Novell users from E-directory to MS Active Directory so that when the users login using NovelID on novel netware will get authenticated on IIS where only windows authentication is turned on. But doesn't seem to be work. Do i need to do anything to make it work? Or is there...more >>

We have many different files on our server ".dat", ".exe", ".template" plus other custom file extensions. All these files on IIS6 (Windows 2003) seem to give a 404 when trying to download them. We have the folder set to "None" execute permissions and it is set for "Read" permissions. Is ...more >>

How can I get IP address of the requested client? When I am using request.servervariables('remote_addr'), I am getting public IP, but not the actual client IP. My application is hosted on public IP 202.63.107.242, and through IP forwarding it was being redirected to 192.168.100.147. How to ...more >>

The documentation states that the IUSR account by default has Read, Execute NTFS permissions to the web site folders: http://support.microsoft.com/?kbid=812614 I have done many default installations and it does not. It just has a Deny Write. Any comments? Is that just a straightforward docume...more >>

I am the server Admin for a webmaster who designed a site in Straight ASP using SQL Server 2000 SP4. I am not a literate ASP programmer and the webmaster is not very experienced in this area either. So, I am soliciting some assistance with how to having non-informative ASP error messages ...more >>

I recently had a vulnerbility test conducted on one of web servers and the recommendation that was made to us that web server server type was detectable as Microsoft-IIS/6.0. The conclusion was this is a vulnerabilty. The recommended solution was to configure the server to use an alternative...more >>

An outside company has informed us that our IIS 6.0 serve is below the current service pack level. They are reporting that we are running IIS 6.0 - w2k3 build 3790. Is there such a thing as a service pack for IIS and if so how can I find it...more >>

Is it possible to create a secure SFTP site within SBS 2003 Premium? I've deployed the following - http://www.digitalmediaminute.com/article/1487/setting-up-a-sftp-server-on-windows and wanted to know if Windows had the same capability as opposed to inserting this puppy on to the server. ...more >>

Hi, I was using windows 2000 server before with IIS-5. Now i am just sifted to windows 2003 with IIS-6, In this i am facing problem with the ecurity settings when i am trying to run a web site which is working fine on the other 2000 server it gives me an error which is as follows : Sys...more >>

We are planning on building an Intranet/Extranet for our payroll application. The idea is to use AD integrated IIS security for internal users to automatically identify and authenticate them on IE access, and use ADAM for clients. The architecture will involve an internally hosted web server...more >>

Hi there, I am having trouble getting an ASP.NET web application to connect to another computer and passing the proper credentials and I hope someone can help me. I have a stand-alone Windows 2003 Server, ServerA, running as a Web Server that uses ASP.NET. The default.aspx file tries to ac...more >>

Hi, I have a Win2003 Server with IIS 6 in an intranet environment and i want to use basic authentication (that works fine) and only one special local user to be able to log in. can anybody describe me how to do that? Thanks a lot Gerhard ...more >>

We have an application that uses an ISAPI dll that we are moving from IIS/NT 4.0 to IIS 6.0 on Windows Server 2003 SP1. We are using basic auth and SSL. When I attempt to login and execute the dll the login prompt appears three times and I receive the '401 3 5 - Unauthorized: Access is denied...more >>

In IIS 6.0 on W2k3 server, I created a certificate request for a site, and sent that in to get the cert (I still have the .txt file that was generated). Now the bad part..... The site got deleted (it was just a temp site so I could get the cert, so there are no backups) When the cert ...more >>

We are developing a web app using II6, ASP .Net 2.0 on a Win2003 box. We are using VS2005 and building for .Net 2.0 framework. We set IIS up to use integrated security. However when I access the application through IE, it cannot connect to the server. When I check the SQL Server logs, I see a ...more >>

Hi, I've been using SelfSSL before to secure web sites in IIS 5 and 6 using https, and it works fine. Now I want to secure two web sites on the same server. Each site has it's own IP address, but I can't get both working at the same time!(?). If I generate a cert for site 1, site 2 stops work...more >>

hello newsgroups i have a intranet-server (iis 2003) in our intranet. the server is member of our domain. on this intranet-server is a web running with "disabled anonymous access" and integratet windows authentication. if a user (with IE6) go to this intranet-web, always appears the login-...more >>

Hello, I want to know what file access permissions must be given to the following file types in a dynamic Website which is to be hosted 1. ASP/ASPX 2. HTM/HTML Also as there are large number of files in a website, is there any procedure to give permissions collectively or permi...more >>

I am running Windows Server 2003. I'm getting tens of thousands of scripted attempts to logon through IIS. I've got green checks all through my Baseline Security Analyser and I'm running Windows Firewall. I get this event: Logon Failure: Reason: Unknown user name or bad password User Nam...more >>

Hi, I have a problem with passing the default credentials from an ASP.NET web application residing on 1 web server(IIS) to a web service residing on another server(IIS). Below is the complete description. The problem statement for the double hop issue in our product Email Manager Mainte...more >>

Environment: IIS6.0 Windows 2003 R2, Windows 2003 level domain. Everything standard. 1) The Microsoft security guide for IIS6.0 says that the IUSR account needs Log on Locally rights. 2) The Microsoft group policy Enterprise security template for Member Servers removes this right. When the...more >>