Currently we have our web server compleley locked down by only allowing the web server to get out to needed websites by adding a rule to the router/firewall acl. I can't seem to find a way to allow access to microsoft updtae which would need to be allowed by IP address. Can someone tell me t...more >>

I want to change the identity that IIS runs under, from iusr_computername to an active directory name. Where can I find a checklist of privileges that my new account needs to have on a Windows 2003 server? -- Arne Garvander Certified Geek Professional Data Dude...more >>

I'm trying to call the Ctrl+F function in IE using a javascript function initiated by an input button on a webpage: showModelessDialog("/website/find/find.dlg", args); I copied the find.dlg and findinc.dlg to the webserver so I could call the files from a webpage. It works perfect from my ...more >>

This is a little off topic but I am finding security in a non domain environment totally mystifying Can anyone help me. I work in a workgroup environment as opposed to domain controlled. The minute I do anything with reporting services or analysis services that is between machines I get proble...more >>

Hi I am new to understanding certificates and I have looked at a mass of information on the web, but I am still not clear as to what I need to progress. We have created a web application, which is to be accessed by our clients (about 10). We have purchased a server certificate from Verisi...more >>

Is there a easy way to disbale http Trace in IIS 6 - Windows 2003? I do not want to install urlscan. Thanks A...more >>

I have IIS 6.0 Win 2003. Most directories in the web use MS default permissions for IIS 6.0 , the relevant ones of which are USERS (Read & Excecute, List Folder.., and Read) and the Internet Guest Account server which has no "allows" and a "Deny Write". My question is: the deny write does ...more >>

Hi, I have an asp.net 2.0 Intranet app that is installed to a Win2003 Server running IIS 6.0. This production server also hosts asp.net 1.1 apps also. I isolated the two into separate application pool on the IIS. My Intranet app loads but on login authentication, for some strange reason, I...more >>

Is there a security risk of patching my web server via microsoft update while the websites are running? Or should I shutdown IIS prior to doing this? My thought is I could update the server and schedule aq reboot t a later time....more >>

hi there, i need some urgent assistance, we've installed win 2k3 standard edittion and only .net 1.1 service pack, but when ever we access our site a window pops up asking us the user name and password, we give the administrator user name and password, then it works fine and if we dont then...more >>

Hi. I need to disable the SSLv2 protocol, and am having problems. I have followed the instructions in Article ID : 187498 re: the registry modifications, but when I re-scan my server, it still shows SSLv2 as a vulnerability. Does anyone know if there is something else I can try to disable...more >>

Hi, I'm having an issue with a self signed certificate. If I import it via the "certificate" mmc, into the "Personal" store of the Local Machine store (or "user", then move it to "local machine"), then select it for use with a site the SSL does not work (connection drops almost as soon as you ...more >>

I've winxp sp2 with IIS 5.1. I want to enable basic auth: on my virtual website which is redirecting to a diff: URL. Currently the fwding of url works without asking any usrname/pswd even though Anonymous is disabled and Basic auth is enabled. However if I select "A dir located on this compute...more >>

Windows Integrated authentication works great, but when it fails (because the user doesn't have the site in the intranet sites for example) they are prompted for credentials. Unfortunatly, instead of defaulting to DOMAIN\ it is COMPPUTER\ and of course that never works. Why in the world wo...more >>

When I try to access an Web site hosted in IIS 7, I receive the HTTP Error 403.8 error message. I was told to change the dominaName attribute to be: <add domainName="[clientmachine]" allowed="true" />. However, I am not sure where I can change this attribute. In the ApplicationHost.config f...more >>

In IIS, I configure the applicationHost.config file by adding <ipSecurity allowUnlisted="false" />. And I did not put and IP address in the <ipSecurity> section. However, I still can visit the Web site that is hosted in IIS from a client computer without any problem. I have restarted the II...more >>

Hi, I have 3 servers : - An XP workstation running IIS 6 a Windows 2003 domain - An Windows file server in the same domain - An IIS Server NOT in the domain. I setup a virtual directory using an UNC to a share on the file server. Using a network mount, my account can connect to the networ...more >>

1. I have created Virtual Machine under Virtual Server R2 SP1 with Windows 2003 as part of workgroup and installed IIS 6.0 2. I could ping this machine by IP address, and I am able to access shared folder by using IP address on this Virtual Machine 3. I have a problem to access IIS on Vi...more >>

Has anyone seen before where the IUSR and IWAM accounts get locked out for no reason? I had changed my GPO to keep disabled accounts disabled until they were re-enabled but this just caused by web sites to go down because for some reason I have not been able to find these two accounts keep get...more >>

Hi, We’re using content editor (as a backend) to update our website frontend contents (WYSIWYG). The problem is that when we try to update the contents through this backend, the server is denied and gives us the following message: ” r.a.d.editor5.6.0 Another process is using the resour...more >>

I lost access to the security tab of wwwroot. I was changing the rights in the security users (security tab) then when I hit apply all folders from the wwwroot was gone. I do have administrator rights....more >>

This is with reference to previous question - "Client Certificate Auth only for certain urls handled by ISAPI filter" Ques was : I have written a ISAPI filter. It handles all the request urls and generate output. None of the urls are mapped to file system. Now I want anonymous access to m...more >>

Hello all, I have installed IIS 7. That ports I must block or that procedure I must follow to block that the users do not listen to radio by Internet? Thanks, John ...more >>

Hello all, I am implementing a test web server for my company and I want to restrict access to only my ip. Can this be accomplished with IIS or W2k3? If not, what about a free software firewall? If you have any other suggestions please let me know. Thanks, Mark ...more >>

Hi, We just installed IIS on the company I work for. Since the IUSR password is not synced with the website at default (for some retarded reason), we had to change the IUSR password ... after this the website worked perfectly fine However, a moment after the IWAM user password was also cha...more >>

We run windows 2000 server with certificate services server. For years we have used the default Advanced Certificate Request page (certrqma.asp) which was written in Classic ASP. My question is this... Does an ASP.NET 2.0 version of this page (certrqma.asp) exist or do I have to create it? ...more >>

I have an ssl.x.com website which is configured with a valid SSL certificate and a public ip address running on IIS 6.0. Now I need to have a new website called sales.x.com and needs to be redirected to ssl.x.com, so external user just need to type https:\\sales.x.com. May I know how can this ...more >>