all groups > iis security > october 2007

IIS 6.0, ASP.NET, SQL 2000 on one server?
Posted by gcadmindude at 10/30/2007 7:19:01 AM
Hi gang! I need some help here...ok, I need a LOT of help here! I've just been informed that we will be building a new Win2003 based web server that will host our public web site. To my surprise I have been directed to put all of our SQL 2000 databases on this server. My first response...a...more >>


IIS5 - 'microsoft false logging weakness'
Posted by news.microsoft.com at 10/29/2007 1:04:00 PM
Please help, I've got an IIS machine that is failing PCI compliance due to the 'False Logging Weakness'. The resolution states to use URLScan to translate hex codes into characters, but I have no idea how to do this... Can anyone shed some light? Thanks. ...more >>

IIS 6 and system's object namespace
Posted by Roger Abell [MVP] at 10/26/2007 2:19:54 PM
This is perhaps a bit extreme, but I wonder if anyone might have a hint on this. I have to support multiuser/multiowner webs in multiple sites on IIS 6, which is no problem, except that they also require FPSE/Sharepoint extensions. As we know, those extensions are lame when it comes to ACL...more >>

Upgrading from IIS 5.1 to IIS 6.0
Posted by WJB at 10/26/2007 10:58:01 AM
Hi, I'm developing a web app using VS 2005 (C#) and SQL Server 2005 on Win XP Pro SP2. The app will be deployed under IIS 6.0, so I need to upgrade IIS on my machine from 5.1 to 6.0. My Windows CD has 5.1. 1. Are there any compatibility issues between IIS 6.0 and Win XP Pro, SP2? 2. Wher...more >>

IISReset for non-Admins
Posted by Paul DiGiorgio at 10/24/2007 8:27:00 AM
I have a group of IIS 6.0 servers (Windows 2003 Standard Edition), which are all managed by a support group. The members of the support group are not Admins on these IIS servers. I am managing these servers with a single GPO. The support would like to have rights to run IISRESET. What do I ne...more >>

Basic Authentication fails with Error 401.2 where Integrated succe
Posted by Jude Fisher at 10/24/2007 1:45:01 AM
Hi, I'm a developer rather than a server tech and I've run into some problems configuring a website. An external provider we're using requires that a specific script be in a directory that is protected by Basic Authentication. This isn't something I've had to do before so I've been stum...more >>

ssl cert in IIS 6 works for Firefox, fails for IE 6 & 7
Posted by Ben Conner at 10/23/2007 9:09:00 PM
Hi, I have a public server hosting multiple sites, some of which have secure certs. Recently had clients telling me they get a "Cannot find server or DNS Error" when trying to view a site in secure mode with IE, but have no problem viewing it with Firefox. Until a week or so ago, there wa...more >>

Anonymous User Password Sync
Posted by Usman Jamil at 10/23/2007 4:17:44 PM
Hi, in IIS 5, while creating websites programmatically, I set the anonymous pass sync (Allow iis to control password) property to true, due to which I don't have to reset the password for anonymous user even if someone changes the password from user manager under windows. In IIS 6, I repeated...more >>



IIS6 - Directory Traversal in Active Server Pages - FSO
Posted by Patrick at 10/22/2007 3:39:14 PM
Hello, I'm just doing some checks on the system, and we found out that directory traversal is possible with classic .asp. It is possible using the filesystemobject. Then I tried to add specific permissions to the application pool of this website, but it still was possible to access other ...more >>

SSL certificates and multiple websites
Posted by tandrist at 10/22/2007 1:23:00 PM
I have one web server housing multiple sites, can I use a single certificate for all the websites or do I need to apply the SSL certificate(s) to each site individually? Using the certificate creation wizard, it looks like it makes them based off a single website? Is there a way to create one...more >>

how to setup IIS to authenticate users via private key?
Posted by Mr. Macker at 10/22/2007 11:47:10 AM
All ~ I'm trying to set up authentication on my IIS 6.0 server to authenticate users only via using a private encrypted key. Does anyone know how to do this? Or is there documentation you can point me to? Thank you! ~M ...more >>

WebDav with OWA
Posted by Tony at 10/19/2007 12:25:02 PM
I am trying to implement WEBDAV in an OWA server. I created a virtual directory with unc to a share in another server. I gave full access to the user who needs to access the folder https://server1/webdav/testa. It keeps prompting me to log on each time I do something. When I want to open a ...more >>

Prevent a ISAPI DLL to be accessed externally in IIS 6
Posted by toolsandcomps NO[at]SPAM gmail.com at 10/19/2007 10:56:52 AM
Hello: I have an ISAPI DLL in my server and I want to prevent people from accessing it externally, only from the server itself. Ex: someone has a website on server X and their HTMLs are accessing a DLL hosted on my server. Can I prevent it? Thanks in advance... Jackson Gomes ...more >>

HTTP Error 401.1 - Unauthorized: Access is denied due to invalid c
Posted by Adam N. at 10/19/2007 8:45:01 AM
I am getting this error, when trying to access any of the sites hosted on our IIS server..... HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials. Internet Information Services (IIS) I created a new site that I can fine, I have attempted to compare the security / ...more >>

"SSL Server Allows Anonymous Authentication Vulnerability"
Posted by criechton at 10/18/2007 7:02:01 AM
I have two windows 2003/IIS 6.0 servers that are load balanced thru an F5 networks device, an ISS security scan of the URL that is shared by the two servers is showing "SSL Server Allows Anonymous Authentication Vulnerability". How do I address and remediate this vulnerability. Thanks in ...more >>

can't install user certificate from other ad domains
Posted by Fadoul at 10/17/2007 4:43:45 PM
Hi, I have a certificate server running on a W2k3 SP2 server. This server is a global catalog. All user certificates are processed correctly when accessed by main root ad domain but when I tried to ask a user certificate from the web interface (certsrv), users from the second domain on my A...more >>

Remote administration
Posted by Arne Garvander at 10/17/2007 6:07:01 AM
I am trying to administer IIS with mmc for a remote computer. I don't have the right security for that. What does my admin need to change on my behalf? -- Arne Garvander Certified Geek Professional Data Dude...more >>

FTP directory security setup.
Posted by tdr at 10/17/2007 5:04:01 AM
I'm trying to stop hackers from trying to access my ftp server. I've tried to use the 'directory security' tab and "denied all" but the few users I want to access my ftp site. I've selected "denied all but" and entered the ip address of one system and the domain of the other ex. "mydomain...more >>

Redirect problems
Posted by me at 10/16/2007 1:56:03 PM
Hi All... I know that this may seem very trivial, but I just can't get this to work! I'm trying to set up a redirect on one of our servers to go from a non-https page to https. The https site is already on the server. I created a second site with a redirect page running on port 80 with the ...more >>

WebDav Permissions for Operators groups
Posted by Roman at 10/15/2007 11:27:20 AM
I have a standalone Windows 2003 Server SP1 with IIS 6.0 and WebDav enabled (an AD integrated server has the same behaviour). A Folder on the server is mounted as Virtual Directory, which has the following NTFS permissions: User1: Read & Execute, List Folder Contents, Read User2: Full Contro...more >>

Cross site scripting issue in IIS 5.0
Posted by criechton at 10/15/2007 8:34:00 AM
I have a Windows 2003 server SP4 running IIS and a PCI scan shows up with a Cross site scripting vulnerability. The Standard M$ response was to install MS02-018.mspx but this was from 2002 and must have been installed already years ago because since the server is on SP4. Please advise if ther...more >>

write a file to as subfolder of a InetServer location
Posted by Thanh-Nhan Le at 10/14/2007 2:43:04 PM
Hi, I have an ASP application on IIS server: http://localhost/myApp I use ASP and a my own VB activex DLL to create a pdf file and write this file to a subfolder of the Application folder: http://localhost/myApp/pdfs 1- Over IIS I have set the "write permission" for this subfolder. But ea...more >>

HELP-Domain Controller reboot causes session loss
Posted by JJ at 10/13/2007 8:58:00 PM
Please forgive my IIS ignorance when reading this question....I am a Windows Admin and we have developers that have developed an application with asp.net. They have front end web servers that tie to a back-end database (SQL). All servers (including domain controllers) are windows 2003. ...more >>

need certificate that works for external name and internal name
Posted by Jordan at 10/9/2007 6:16:22 PM
Is there a way to get a certificate from MS Cert Server installed on IIS for Win 2003 so that it works for both external and internal names without coming up with a warning on one of them about the name? I have an Exchange 2003 server that I want to use OWA and OMA on, but securely as possi...more >>

CLR calling a web service and AppPool impersonation - weird issue
Posted by Sergei Shelukhin at 10/8/2007 9:17:22 AM
Hi. Crossposted because the issue seems bizarre and I have no idea where the problem lies. We have a CLR that calls ASP.NET Web Service using NetworkCredentials to pass in login, password and domain of a domain user. Application and apppool housing the webservice run under network service; II...more >>

Standard User using IIS 5.0 - XP
Posted by MarcioHunecke at 10/8/2007 9:15:07 AM
We want to restrict our developers to a standard user (no administrator rights) but they need to use the full features of IIS from Windows XP SP2. Does anybody know how to do it? Please let me know. Thanks....more >>

Possible to retrieve password of current application pool
Posted by Dylan Nicholson at 10/4/2007 8:10:57 AM
Running as an administrator, I can retrieve the account password stored by IIS for any application pool (using the WAMUserPass property). But, unsurprisingly, an ASP.NET application running inside an application pool that does not have administrator privileges can't even enumerate the list o...more >>

from Windows2000 (IIS5) to Windows2003 (IIS6)
Posted by Mike at 10/4/2007 7:21:01 AM
The application is a pair of ISAPI dlls running under IIS which in turn call some COM components, etc... They are set as high isolation in the IIS admin settings. This issue I saw when setting up our stuff on Server2003 is that I would get a windows login prompt while hitting the ISAPI si...more >>

TEST TRANSMISSION !!!!!!!
Posted by thoralf.renslo NO[at]SPAM dabb.no at 10/3/2007 11:59:57 AM
sending a test, reply back in N O R W E G I A N !!!!!! ...more >>

Web Folders and Integrated Authentication
Posted by neil662 NO[at]SPAM yahoo.com at 10/3/2007 9:52:42 AM
Hi all, I'm having an issue with Web Folders and Integrated Authentication. Basically I've an IIS 6 website setup that contains some web folders. Inside the web folders are a collection of file types including Office documents, text files and images. The website is setup to use Integrated Au...more >>

IIS 5.0 and disabling the indexing service.
Posted by criechton at 10/3/2007 6:46:03 AM
I had a scan done to my server and this came up. "Microsoft Internet Information Server Hit Highlighting Authentication Bypass Vulnerability" The suggested fix is to upgrade to IIS6.0 , I can't because it's Win2000 std svr, it also says to disable the indexing service.. How do I do this? ...more >>

Allow only url forwarding source IP
Posted by kazi at 10/2/2007 6:10:00 PM
I want to use an application which enables 2 factor authentication on IIS websites i.e(http://www.phonefactor.net). Unfortunately I'm already using a portal application which does not run on IIS but am interested to protect via phonefactor. So far I'm able to do a workaround to apply 2 factor ...more >>

WMI Security Problems
Posted by Nuno Magalhaes at 10/2/2007 12:06:23 PM
Hello, I've done a small web application that uses WMI wrapper (System.Management) and everything works fine on Cassini's development web server from VS2005, while retrieving the device id and model from the Win32_DiskDrive object. Under IIS native ASP.NET server I'm experiencing security p...more >>

Multiple SSLs on the same IIs server
Posted by super1 at 10/1/2007 9:58:08 AM
I have a wildcard ssl that most of my sites use. I need to add a site that doesn't fit the wildcard naming scheme. I have read that I need a unique IP address for the site so the users will be given the right ssl cert when they browse the site. I created the site, applied the cert, and as...more >>

Mapped Client Certs Don't work on my domain member web server
Posted by JSDBrian at 10/1/2007 7:49:02 AM
I have a web service that I want to protect using client certificates. I want to be able to map the certificate using IIS mapping to a windows user. I have successfully done this on my development server which is a 2003/IIS 6 server that is not connected to a domain. However when I try to set ...more >>

