I'm sure Ken knows this, but I'm trying to figure out if it's possible to have a user just type in their AD account when using Integrated Windows Authentication and IIS 6. I turned off anonymous logins so it would prompt me and set the 'DefaultLogonDomain' metabase to 'DOMAIN'. When I tested...more >>

I have to create an intranet site for my domain user only. I don’t want to give anonymous access .that why I remove the anonymous user and keep it as basic authentication .and tried Digest also. But the problem is still as on. Our requirement: if user login As Domain user then he shouldnâ€...more >>

I run IIS 6.0 under Windows 2003 Server. About two months ago, I changed my default FTP site access to deny access to all but specified IP addresses. It's been working fine until now. I just entered another IP address, using the same method as before (in IIS Manager), but it won't allow a...more >>

A few months ago I removed the Virtual Directory IISHelp from the Default web site on my IIS servers, as a recommendation in the Microsoft Baseline Security Analyzer. All of this was part of the configuration of new W2k3 servers that we were migrating to. Now one of our develoipers is having...more >>

Hi, Is anybody knows how to solve problem with vista (family edition) to get Certificat from a server 2003 'Certsrv' website ? The activeX could not be installed, also it's works properly with XP Pro, W2K ? David ...more >>

I am trying to run multiple SSL enabled websites on a single IIS 6 web server on Win2003 Ent Edition in a test setup. I am using a Internal CA service on one of my Windows 2003 server. What I noticed was that IIS 6 does not allow us to run multiple SSL enabled website on the same default ss...more >>

Hi all I set up a IIS 6.0 sever a while ago when we were young and innocent and decided to implement a few simple security baseline for the intranet web site : Integrated security on all the web sites "authenticated user" with read access only on the files "dev_group user" with write acces...more >>

Hi, I have a Web site configured to run in a custom application pool. The pool identify is set to a domain user. I can change the users password using IIS Manager, but is there a command line method ? Thanks ...more >>

I develop a web site using VS 2005 in C# using login webcontrol. I have problem during deployement onto IIS 5, authentication works if I use IP @, but not with dns name (on internal network) on my local computer (XP PRO). I've got a simimlar problem with internet network on a server 2003 and I...more >>

IIS 6 SQL Injection Sanitation ISAPI Wildcard at http://www.codeplex.com/IIS6SQLInjection I created an ISAPI dll application to prevent SQL Injection attempts by intercepting the HTTP requests and sanitizing both GET and POST variables (or any combination of both) before the request reaches...more >>

Setup w2k3 server as a DC Certificate services (run my own CA, stand alone) Configured IIS to use secure channel (port 443) and certificates During installation no errors, I am able to obtain a certificate from the server, but I am unable to connect to the website "webpage not available" Che...more >>

Windows Server 2003. I am running IIS on my server and hosting four of our web sites. One is Exchange Server (OWA). Two others are sites which do not require authentication. I just created a new site that tries to use Active Directory authentication (I created it using Visual Web Developer...more >>

Hi all, IIS6.0 Windows 2003 SP1 two computers no domain. I have an issue with connecting to a UNC virtual directory. I have a webserver, this server needs a virtual directory to upload content in to a UNC path for storage purposes. These are two systems without domain only local user...more >>

We have had results from a pen test and they state that we have TRACE HHTP enabled and also the OPTIONS request returns GET, HEAD, POST, PUT, DELETE,TRACE, OPTIONS, CONNECT We have disabled TRACE via the registry (EnableTraceMethod = 0) I have installed urlscan and allowed only GET, HEAD, PO...more >>

Hi, Is there a way to enable "security" cookie property? Someone mentioned to me that we can make an application's cookie more secure that way. I assume that it's a setting in IIS. I'm running version 6. thanks! ...more >>

Hi, We've got a Wiki setup on one of our member servers (win2003 std edn) for providing information to our users. We also have some documentation stored on our main file server (also win 2003 std edn), which is usually accessed via a mapped drive, i.e. M: = \\server.domain.com\manuals. S...more >>

Hi All, I am stuck and could use some help. For some reason, none of our domain users can access our webpages unless they are added to the Administrator group on the Web server and I can't figure out why. This just started happening recently. We have a local group called Users that conains...more >>