Hi, I have a web server runnig IIS 6.0 and need to block that a user can list my drives and navigate in folders using an ASP code. The example is in http://paludo.no-ip.org:9090/teste/drive.asp I know that it can be done disabling FileSystemObeject by running the following regsvr32 scr...more >>

So I've checked out the various topics here (e.g. http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/bc0c4729-e892-4871-b8f3-fcbf489f2f09.mspx?mfr=true) but somehow my simple "hello world" cgi app does not execute. All it does it output simple html. The funny thing is that...more >>

I have a single domain runnign Server 2003 standard SP1. I changed the domain admin password today. I am using a client software called IP Sentyr to monitor the IIS service. It can no longer check the service indicating authentication failed. Do i need to make adjustemts to IIS to reflect ...more >>

I have a server 2003 standard SP 1 enviroment with a single domain. I just changed the admin password for the domain and now it appears IIS authentication is having a problem. I use a program called IPSentry Sentry to monitor the IIS Admin service. It now cannot check the service stating a...more >>

Hello... I'm prety sure that this problem has todo with IIS security. I have the following problem. I set up CRM 3.0 on a Virtual PC Server inside a windows 2003 server. Inside the VPC the crm server behaves correctly, I can open Internet explorer and connect normally. Now, when conne...more >>

We are currently having an issue with Front Page Permissions. We are using Windows Server 2003, IIS 6, Front Page Extensions, and are using the Share Point Admnistrator that installs with IIS 6/FP Extensions. The problem is this. If I add a user to a Front Page Sub Web and grant them autho...more >>

Hi, I've set up a website to use HTTPS SSL connection. It works right, except that at loading of the main frameset, IE show up a warning: "the page contains protected and non protected objects"; so the user have to click "Yes", and the SSL symbol disappears from the browser... I've searched ov...more >>

I am running the Report Services website on IIS6 on WIndows 2003. When I browse to the /reports website on the server, I get a message in big red letters saying that the server is not avaialbe and that more info is in the event log of the server. When I look at the server's Application event...more >>

I'm working on a webservice that excepts a batchfile as a parameter. When i do a post to this webserver using unsecure http connection, i works fine. Now when i configure IIS for the production enviroment i get an error when the request is to large (We have not actually tested the threshold,...more >>

I am using a development machine with Windows XP SP2 and I am trying to use Basic Authentication. I get the message, “The server localhost at localhost requires a username and password.” I enter my username and password, three times before getting the following error message. HTTP 401...more >>

Hi, Is it advisable to rename the IUSR_ComputerName and IWAM_ComputerName. As i want to do it and change the passwords of this account as the per the organization policy. As i am aware that IUSR_ComputerName is used accross all the website and ftp sites. is there any other area that this ch...more >>

How should the IIS permissions be set-up for a local intranet to allow local domain users who have been authenticated to the AD to automatically be recognized and authenticated w/o having to sign-on ? We tried adding Domain Users to the File Permissions and then using the Windows Digest Aut...more >>

Hi, I have an intranet website using IIS 6.0 on a Win2003 server. It was written in ASP.NET. In the IIS manager, I set up Authenticated access to "Digest authentication for Window domain" with a valid Realm (with a valid domain) This works for everyone except one internal user. And the cred...more >>

Hi, Could anyone help me with this. I am testing a .Net 2 application that creates a user in AD. It also has to create a shared folder on a remote server. I'm testing this on a Windows SBS 2003 machine, taking the same server as "remote" server, by using the UNC path when creating the directo...more >>

We are running a large website on Server 2k3 and IIS6 and we are having a huge problem. We have some users that are browsing our site from behind what appears to be a proxy server and when they visit the index page of the site (which has over 100 inside links) the proxy server attemps to op...more >>

I need a site that one part works with Anonymous IUSR authenication and another part works with Integrated Windows authenication. I have it all setup and it all seems to work ok except when a user goes to the part that uses Integrated Windows Authenication(user types in his username/password ...more >>

Hi All, Please let me know how to update IIS Service pack, I have update windows 2003 SP 2 but still I'm getting error as below: Synopsis : The remote web server is running Microsoft IIS. Description : The Patch level (Service Pack) of the remote IIS server appears to be lower than the cur...more >>

As I understand it Forms Based Authentication is simply layered on top of Basic Authentication. I have a server with Outlook Web Access (https and using FBA) on the /exchange virtual directory and another virtual directory that uses normal Basic Authentication. If I log into OWA (FBA) an...more >>

We are having a problem with IIS 6 and authentication. I was reading through posts on this newsgroup and found a recent discussion between Brent Magnant & Ken Schaefer. Brent's problem seems to be the same as mine, but I do not see a resolution for him! Users who are in the office authent...more >>

Can someone please tell me how to redirect all URLs like http://App1.company.com/sites/OLD/* to http://App2.company.com/sites/NEW/* in IIS 6.0 ? ...more >>

I am setting up a 2003 server to replace a 2000 server. I have transferred an IIS web site and set it up identically. Part of the site is secured by NTFS file and folder permissions. All of the content in the protected part of the site is accessible to users with proper permissions as expec...more >>

I am an admin - not a developer - but I have a prob (I think) IIS servers are stand alone (no domain) 2K3 servers web sites are fairly default IUSR account being used - IUSR has the usual directory permissions - and Igranted NETWORK SERVICE directory permissions as well All sites requir...more >>

Hi All - Our Dev team is going to start building some upload data transfer capabilities in some apps Login, click upload - browse & then upload So on the server - that means a write access - what is the safest way to do this ??? keep the upload directory outside of inetpub & lock do...more >>

Hello All, I asked this question in the generic IIS group, but I did not get a response, so I am posting it here as well. Apologies if you have already read it ... I have googled a lot of pages on this problem, but I have not found a consistent response. Most questions about this seem to be...more >>

I have an IIS 6 server on Windows 2003 running in an AD domain attempting to enumerate the files on another Windows 2003 server on the same domain. The code and UNC path are sound as it works if I set anonymous access and enter domain credentials in the page properties but if I check "Integra...more >>

IIS 5 security issue CDO is installed on web server Scenario: In an asp page users are authenticated throug the integrated windows method a connection is made to a remote exchange server "strProfileInfo = strServer & vblf & strMailbox Set objSession = Server.CreateObject("MAPI.Sess...more >>

How can I set up IIS to accept authentication from a client POSTing to my website with their username/password in the URL? Right now I have Annonymous turned off and Digest turned on. The user account has read/execute privileges for the virtual folder. So they are sending me this http://...more >>

Hi I'm running windows xp and i'm trying to get a web server cert (to run ssl) from a CA installed on my network on windows 2003. The CA on the win 2003's machine is working because i've managed to install a cert on the iis on that machine, but when i try to make a cert request from my xp mac...more >>

Hi all, I need to grab the domain user credential to pass it to Apache without prompt. All works if I use the host name (IWA and some code), IIS still prompt for credential if I use the FQDN. I need to use FQDN because we manage a huge WAN made of 1 parent domain and 120 child domain and we...more >>

Any pointers on what I've missed would be great: Windows 2003 IIS, domain functional level is windows 2003 (forest still at 2000). Have set UseDigestSSP at the w3svc level to 1 via adsutil.vbs w3svc/useDigestSSP1 and checked with Metabase Explorer tool that correctly set. Set the website to...more >>

Hi, I have a problem, I have some users trying to crack my administrator password by attempting dictionary attacks on my ftp server, I am seeing 100's of failed login attempts within my ftp logs, all of them using the user: administrator and a failed password. Unfortunately I have several ...more >>

Hi, For Kerberos authentication to work on Windows Server 2003/IIS 6 with IE 6 client, does the w3svc service need to run under a domain account, or is Localsystem OK, too? My IIS does NTLM only, and I can't figure out why... Thanks, Ronald ...more >>

Hi I have read a lot of articles on how to configure delegation correctly to enable me to use IWA to gain access to an IIS site which is based on a shared folder located on another computer in the domain but it doesn't let me in and was wondering if someone knew why. This is a pure 2003 dom...more >>

Im trying to lock down a directory on my web server with windows authentication. Permissions on the actual folders are fine. However when Im prompted for username/pwd only accounts in the local admin group of the server work. I really do not want to add any more accounts to the local ad...more >>

Is BBBBBBBB some kind of a code in Internet programming? I have an intranet site which shows this in the header, but the actual code does not include it. Sometimes it's there, sometimes not.. is this some kind of spoofing or what? please help.. I also found this one posting from Yahoo.. th...more >>

I am trying to change the user credentials for an App Pool. I have created a new user and added the account to the IIS_WPG group. For the site in question I have set the ACLs so the new user has full control over the folders/files used by the site. Then I changed the login credentials in the App ...more >>

Hi, There is some strange file that are on the root of different website. Some of my friend told me that it is a IIS6 security hole. Does anybody have a solution ??? It's just html file. Like those : default.html tromnk.htm The content of those file was : Ir4Dex Back By Zakix yo...more >>