Home All Groups Group Topic Archive Search About

IIS Security

microsoft.public.inetserver.iis.security
Score SMTSVC ?
razornt - 25 Mar 2005 9:45 PM - 4 messages
Someone is trying to hack our server via SMTPSVC. When I view the event log (system) I see Event ID 100 SMTPSVC and a login attempt. However, when I try to match the Event log time with the SMTPSVC log time nothing matches. I want ...
Score IIS 6 Write to the Event Log
JT - 25 Mar 2005 5:31 PM - 2 messages
I have an anonymous access web service that is running as IUSR_machineName.  This application is set up in IIS 6 running in an application pool under the network service account.  I understand that this network service account is low privledged. ...
Score Block sites linking to my site
basin - 25 Mar 2005 4:41 PM - 4 messages
We have a site that has a "sample request " form where future customers can order sample of some of our paper.  Well, apparenty some people found it and posted it on sites such as freesamplesite.com and fatwallet.com.  So we have ...
Score Values of the performance counters in the WebCAT Test
sampanna - 24 Mar 2005 4:01 PM - 1 message
Hi I am using the WebCAT for checking the peroformance of my server. I am getting the result in the .log file. But i am unable to understand that whether these values are acceptable or not. Please let me know where I can ...
Score processing a CA certificate if initial pending request is deleted
Eddie - 23 Mar 2005 10:51 PM - 5 messages
Hi, needed some assistance or affirmation.   I am in the process of installing a SSL Certificate for our web server and deleted the original pending requested that matches a certificate that was obtained from the CA.  Is there a way of getting that back into IIS from the original saved request ...
Score How do I disable http traffic
Andre - 23 Mar 2005 9:19 PM - 2 messages
I want https to be the only option on my webserver. How do I disable http/80? ...
Score Adobd errors Permission denied IIS6
Infodon - 23 Mar 2005 8:47 PM - 4 messages
Ok here is the situation we have recently upgraded our 2000 server to 2003. We have several Virtual directories that authenticate anonymously, everything was working fine on the 2000 server. Now we experience errors when loading asp pages pointing to either mdb or sql, unless I perform the workaround ...
Score RE: Database access using SQL 2000, ASP and IIS 5.
Infodon - 23 Mar 2005 8:37 PM - 1 message
Have you established the anonymous user account in SQL server?? ...
Score 401.1 After IIS6 Setup
WebGuyBob - 23 Mar 2005 2:23 PM - 6 messages
Hello, folks. I have setup literally dozens of IIS6 Web sites and just ran into subject problem.  I read the following from Mr. Wang in a German IT forum: "401.1 means that the username/password that you gave to IIS for ...
Score how do i disable anonymous users and add a new user?
Rob White - 23 Mar 2005 2:13 PM - 2 messages
I’m trying to write a script for IIS 5.1 (hosted in XP embedded). I need the script to change the root of the ftp service to “c:\directoryname”, enable both read and write access and lastly allow only a sinlge user access to the ...
Score AC & IIS6 & Hosted sites problem
Rany M. Sabry - 23 Mar 2005 11:47 AM - 1 message
Hi all,     I'm a having a problem, we have a IIS6 shared on six servers W2k3 Enterprise Edition synchronizing the settings using the Application Center 2k SP2, and it works fine and the replication between servers is ok. ...
Score AES 256-bit Certificate
Nick - 23 Mar 2005 3:55 AM - 7 messages
I am seeing that many websites are using AES-256 bit certificates.  Is there a way to generate these using Windows 2000 Certificate Server?  If it is not offered in 2000, is it available in 2003 Server? ...
Score multiple SSL sites on single IP/port
yaponamat - 22 Mar 2005 7:47 PM - 4 messages
Hello, I`d appreciate help with the following scenario: I have a Sharepoint installation, obviously on top of IIS. We generated several sites via Sharepoint, that are accessible as third level domains: home.ourdomain.com project1.ourdomain.com, project2.ourdomain.com etc. They ...
Score Front Page Server Extensions: Change Port?
Fao, Sean - 22 Mar 2005 6:07 PM - 2 messages
Hello, I started a new ASP.NET Web Service project in VS .NET 2003 on a remote web server and the only way I could get it to work was by installing the Front Page Server Extensions on the server.  I feel very uncomfortable, ...
Score Local Groups
bho - 22 Mar 2005 5:16 PM - 2 messages
I have a number of pre-existing local groups on my Win2k3 box and I want to use them for authentication via IIS. The problem is, I can't add those groups to a site because IIS wants to create it's own local ...
Score IIS Security Risks & Vulnerabilities
Roger Cox - 21 Mar 2005 10:47 PM - 2 messages
I am a web developer needing IIS to develop web pages on my PC. I am trying to get IIS installed on my PC within a fully developed network (e.g. DMZ, Firewalls, Network Servers, & Security). According to the network team, IIS poses too much of a threat to be ...
Score OWA Exploit
Rex Young - 21 Mar 2005 9:22 PM - 5 messages
[link] Anyone have a fix for this? ...
Score Client Certificate accessability
Joel - 21 Mar 2005 8:47 PM - 1 message
I am able to access my secure website from my internal network, but from the external internet I get a 403.7 Forbidden or a 403.13 revoked error, I have checked my firewall and it allows incoming and outgoing on port 80 and 443, ...
Score Integrated Windows Authentication Error,
Arthur Nyunt - 21 Mar 2005 6:25 PM - 3 messages
Hi, I have three w2k3 servers (live, staging and development) currently being setup to service our Intranet. I have built the servers is an identical fashion and use Integrated Windows Authentication to determine who can see  certain links on the page. ...
Score Login security issue.
Michael - 21 Mar 2005 4:43 PM - 3 messages
I've setup an ASP page to allow users to change their password from a website in ADS.  The script I have is working, I can change the password, then login with a workstation with the new password and the old password ...
Score Re: IIS metabase permissions when creating new VirDir's
Jason Brown [MSFT] - 20 Mar 2005 5:25 AM - 3 messages
The queue idea is a good one, but possibly overkill. You could run the individual script or virtual directory under the context of a different user account, but you'd need to be careful of who can access it, by requiring ...
Next »