all groups > iis security > february 2007
administrator password is hacked
Posted by Noom at 2/28/2007 1:29:05 AM
I use a Microsoft product, Windows 2003 Standard R2 Service Pack 2, for my
server,
but my server was hacked and files were deleted at c: and c:\windows. I checked its shares:
c$, d$, Admin$, IPC$.
I disabled the c$ and d$ shares, but when I reboot they are enabled automatically.
I resolve this problem by registry ... more >>
Editing files in wwwroot subfolders
Posted by Keith MacDonald at 2/27/2007 2:50:26 PM
I don't know whether this is a problem with Vista, IIS 7, or my brain, but I
cannot reproduce a setup I like working with on XP on my new Vista system.
The HTML files are checked into a project in Visual SourceSafe 8, with its
working folder set to C:\inetpub\wwwroot, or subfolders thereof. ... more >>
Configuring Anonymous Access via command line or script
Posted by Ryan C. at 2/26/2007 6:41:18 AM
Good morning,
I've trolled most every forum and venue possible for this information, and
have come up empty handed thus far, so forgive me if I'm reposting a
previously answered question.
How can I check that little box that says "Anonymous access" in a
webshare/site's configuration, wit... more >>
Application hangs creating MSXML2.XMLHTTPClass
Posted by Grant_S at 2/24/2007 9:39:01 AM
I have an asp.net web application that posts either GET or POST http requests to another asp.net web application. I am using impersonation (domain account) in the 'Client' Web app. The Client and Server Applications currently reside on the same server and within the same application pool (using the ... more >>
Application pool identity
Posted by Grant_S at 2/24/2007 9:23:48 AM
If a web application runs under an Application pool, does that mean that the application is impersonated as the account specified in the Identity tab of the application pool? If impersonation does in fact exist at the application pool level, I presume that setting the Impersonation values in the ... more >>
change authentication protocol
Posted by dareag at 2/23/2007 4:58:45 AM
I have an ISAPI dll that uses basic authentication, validating users in a
local database. I want to first try and authenticate users using windows
authentication; if this fails, (ie they do not have a windows account), I
want to use the previous method of authenticating.
How do I do this? Ca... more >>
IIS Error /GET my.asp|21|c00c023f
Posted by MiddEware at 2/21/2007 4:41:07 PM
Hi,
I'm doing an HTTPS post to an ASP page on IIS 6.0 on Windows 2003, and in
the Web logfiles, I'm seeing the following error:
/GET my.asp|21|c00c023f
Also seeing following message: "This method cannot be called until the Send
method has been called".
Can someone tell me what this err... more >>
Secure Area
Posted by Bad Beagle at 2/21/2007 9:58:00 AM
I am using IIS 6 and would like to know the best practices for securing an
area of a public website. It is only one directory structure that should
require a username and password. This server is not connected to any Active
directory. Can someone please point me in the right direction for a... more >>
Default Website - Best Practise?
Posted by Shaun Sawyer at 2/21/2007 2:30:56 AM
Hi,
Can anybody let me know what the current 'best practise' is in regards to
the Default Web Site?
Depending on who I speak to I get a different answer, therefore, I am trying
to find where it is defined (whitepaper, KB article etc.)
Is it best to delete the Default Website or disable ... more >>
disable ciphers
Posted by rockymtn at 2/20/2007 3:51:40 PM
I have a need to disable low-grade encryption on a web
site, which requires SSL on certain pages only. For
those pages, I want to force 128-bit SSL.
IIS 6 only allows me to force 128 on the entire site,
rather than forcing it only when SSL is called on a
page. I found KB article 216482, des... more >>
Certificate Trust List
Posted by Steve Cook at 2/20/2007 2:41:28 PM
I posted this in the IIS general discussion group but got no responses. I've
now seen this issue on three IIS systems and figure it might be worth
posting to the security group.
In W2K3 SP1 running IIS6 the list of trusted root certificate authorities
has grown too long...
EventID 36885 ... more >>
How do I provide access to files on a different server?
Posted by bstauffer NO[at]SPAM oldrepublictitle.com at 2/20/2007 1:56:09 PM
Hello, and thanks in advance to anyone who's got any ideas on this.
I have a web server with a web site that is supposed to provide access
to documents. The documents are stored on a different server than
the web server.
The website is running an ASP.Net 2.0 web application which contains ... more >>
Cannot Re-Enable DCOM...Machine Hanging
Posted by Will at 2/17/2007 12:34:19 AM
I have messed up a Windows 2003 Web Edition server by turning off DCOM.
Apparently IIS uses it heavily and after a reboot the machine is hanging and
the desktop does not draw for any user including administrator.
I disabled DCOM by using DCOMCNFG and unchecking the enable DCOM on this
computer... more >>
Changing password over IIS
Posted by Jeff J at 2/16/2007 10:32:15 AM
I have a webserver that is not part of a domain. We have localized accounts
on this server. I am trying to have a way where the users password will
change and will be prompted to change it.
I have used the iisadmpwd virtual directory, but you have to actually go to
that page to change i... more >>
Install ssl cert from hacked 2000 server to new 2000 server without backup file
Posted by reklis at 2/15/2007 7:54:34 AM
Hi,
One of our customers had their 2k server hacked, and of course didn't
make a backup of the ssl cert. We have the CSR and the .cer response
file from the installation. There must be a way to re-install the
cert without the .pfx backup file???
Thank you in advance for your help
... more >>
User List from Active Directory, even if IIS is NOT in the domain?
Posted by vidguide NO[at]SPAM gmail.com at 2/14/2007 8:25:19 PM
We have a set of 4 servers running our external web system. These
machines are NOT on our domain for security and performance reasons.
We have a separate (5th) machine which runs our local office network,
Active Directory, etc.
Normally, we've had no problem keeping this particular intranet sit... more >>
how to block a link from an external web page
Posted by InNeedOfAssistance at 2/14/2007 11:01:12 AM
Hi,
I'm not sure if this can be done but I'd like to do it. I would like to
block all links to my website from a particular website. The IPs accessing
the webpage will be different but the external web page address is the same.
I'm using IIS 6.0 on a Windows 2003 server.
I am not a web a... more >>
IE7, IIS and digest authentication
Posted by sri at 2/14/2007 2:25:13 AM
I have a web server with Win 2003 Server and IIS 6 installed with the
HttpAuthentication update KB 904942. I installed IE7 on the windows 2003
server.
The website uses digest authentication.
I used the IE7 installed on windows 2003 and it was able to authenticate the
user successfully on th... more >>
IIS not recognising client certificates
Posted by gsimpson at 2/13/2007 8:21:01 AM
I'm having a really weird problem with client certificates on IIS. I can't
see what might have changed, other than I applied a couple of MSXML patches
to the box, but overnight, one of my webservers has stopped recognising
client certificates from our CA. Stopped as in this worked fine one day... more >>
Allow http, but deny ftp
Posted by Thomas Kofler at 2/13/2007 7:31:01 AM
Hello,
we have the following scenario:
IIS 6.0 on Windows 2003
Web-Directory and ftp-Directory use the same physical ntfs folder.
For one user (Active Directory) we have a secure web application (SSL) to
upload/download documents (the NTFS permission for the AD user must be set
prob... more >>
Setting up permission accessing a web page (outlook calendar published)
Posted by Nicola M. at 2/12/2007 12:14:36 AM
Good night,
Here is my problem: with Outlook 2000 I publish a calendar web page on a
client IIS (W2K SP4 ITA all patches). I would obtain the access to this
web page to the users belong to officeA group, only. All other users
haven't gained the access. I look for a method to get it but I don't
... more >>
Basic Authentication
Posted by R.John at 2/10/2007 8:04:14 PM
I have IIS server in my network domain. My web application is accessible by
all the users in the domain. All users must logon to the domain/active
directory. What I am trying to achieve is to capture user id used to logon
to the active directory whenever a user access the web application in the
... more >>
Virtual Directory Security
Posted by Rusty at 2/10/2007 12:28:00 PM
I have IIS 6.0 set up on a Windows 2003 server. I have installed a Web site
and am using Basic Authentication for Domain users inside or outside the LAN
to access the site. This works however, the navigation of my web site is
such that the user starts in parent .htm files that are apparentl... more >>
Integrated Authentication & OWA
Posted by Paul Gerry at 2/9/2007 10:47:04 PM
Hi,
We have just deployed a new Exchange 2003 server on a Windows 2003 Standard
SP1 box at work and are experiencing problems with OWA. By default OWA uses
integrated authentication which works fine on all of our other domains but
on this fresh install in a new domain isn't working. We are ... more >>
Prompts for username and password
Posted by Jeff J at 2/9/2007 10:15:02 AM
Hi guys,
Hopefully someone can help or at least confirm what I am thinking here.
Here is the situation:
We have built a new webserver with Windows Server 2003/IIS 6.0.
We have the default web site set for anonymous authentication. We then have a
separate section for employees which require... more >>
DLL not found error
Posted by RG at 2/9/2007 4:32:00 AM
Hi,
I am using a 3rd party product in my ASP.NET (Framework 2.0) web
application. The product comes with 2 DLL's, a COM DLL (say, abcCOM.dll) and
another DLL (abc.dll, which I am guessing is being called by the COM DLL).
The COM DLL must be registered. The ASP.NET page invokes the DLL using... more >>
Triggering https to http alerts
Posted by NWdev at 2/8/2007 8:52:24 AM
For some time I've been searching for a solution to what is likely a
common customer request:
In a 'mixed' website that contains content from other sites, don't
trigger the SSL alerts going to/from https or when displaying the
content from other sites.
By 'mixed' I mean the site contains bo... more >>
aspnet user account
Posted by topokin at 2/7/2007 11:58:01 PM
I know the aspnet user account is only created when IIS is configured, but
what is the default password?
Thanks,
topokin... more >>
How to place a RootCA certificate in system AuthRoot store ?
Posted by Timothy Jewett at 2/7/2007 11:00:02 AM
I need to place an openssl generated RootCA in the system trusted store. The
certificate is always being placed in the logged on users trusted store when
using the certificate installer. The application I have written using SSPI
requesting client certificate authentication will not allow the b... more >>
Default domain Windows integrated authentication
Posted by Menno van den Heuvel at 2/6/2007 6:21:00 AM
Hey all,
I'm currently about to deploy a Sharepoint 2007 website (obviously on a
Windows 2003 Server - IIS 6.0), and was wondering if it was possible to
change the login prompt default domain.
Right now the prompt defaults to the domain name of the webserver, but all
users actually come f... more >>
Vista - IIS - GetObject()
Posted by Sajan NO[at]SPAM community.nospam at 2/6/2007 12:03:48 AM
Hi Everyone,
On a Vista machine I have installed all options for IIS including the
compatibility sub features. But a regular call like the following
Set IISOBJ = getObject("IIS://LocalHost/W3SVC")
gives me error 70 - Permission denied.
I am logged in as the administrator. Metabase doesn'... more >>
Help in figuring out why server keeps hanging... (many client POST's)
Posted by ChuckRock at 2/5/2007 10:14:12 AM
Hi all,
Here is my situation. I am running an IIS 6 server on Windows 2003 and
MySQL.
The web site works great for many weeks, and then boom, the web site's
connection to the MySQL gets hung. The non-MySQL dependent web pages
come up just fine, but the ones accessing MySQL timeout.
... more >>
IIS Certificate for Exchange 2003 - not working for Vista?
Posted by boe at 2/4/2007 9:21:16 PM
Hello,
I'm running Exchange 2003 SP2 on Windows 2003 SP1 standard. I connect my
clients using RPC over HTTPs using the certificate I created on the exchange
server. I am able to connect clients running Windows XP and Office 2007
without issue. However I have tried to configure a Vista... more >>
need security advice on new iis installation
Posted by ToddAndMargo NO[at]SPAM verizon.net at 2/4/2007 3:36:00 PM
Hi All,
I just got tasked to build an IIS server for entering
credit card orders for a company. The software is
commercial and says it need w2k3 and iis6. It does not
mention anything about security software. The order
software also has to be on the inside of the firewall,
as it has to... more >>
IIS6 disallows access to .PCF files
Posted by Brad Baker at 2/2/2007 2:11:18 PM
We have some ".pcf" files we would like to store on our IIS6 server. However
when we go to access those files IIS generates a 404 error.
Upon investigating it seems like .PCF is some sort of Microsoft Commerce
Server configuration file. Unfortunately this same extension is used by
non-micro... more >>
IIS SMTP Open Relay
Posted by Santa at 2/1/2007 8:43:01 AM
Hi
I have an IIS server configured with SMTP on a public IP address. I have
configured SMTP with "openrelay", which is vulnerable to security threats.
Please tell me how to close the SMTP open relay on this server without
specifying an IP address or address ranges.
Because there are some... more >>