Home All Groups Group Topic Archive Search About

IIS Security

microsoft.public.inetserver.iis.security
Score Understanding W3SVC1 logs
Vic - 17 Mar 2006 8:25 PM - 2 messages
Could anyone point me in the direction of a knowledge base or good book that will help in understanding suspicious looking entries in the logs? I use iis 5, fully patched, anti-virus installed, updated daily and scanned daily. For example, GET /webcalendar/tools/send_reminders.php ...
Score IIS Manager on remote computer
Drew - 17 Mar 2006 7:46 PM - 4 messages
I have installed IIS manager on a central machine and made an MMC with IIS for several web servers.  It connects and shows me everything including websites.  On some servers, when I click on a website it says "This site ...
Score Local Server Logon Required?
John A Kushwarra - 17 Mar 2006 5:25 PM - 3 messages
Hello Here is a strange one.  I have and asp 2.0 web site  hosted on ServerA that uses windows authentication.  When I acces the site from a local pc everything works the way taht it should.  If I access the site from a ...
Score administer IIS but not local Admin
Drew - 16 Mar 2006 7:49 PM - 2 messages
I want to allow an IIS admin to do everything IIS but not be an admin on the server.  I will have them use MMC on a remote computer and open IIS.  That part works when they are in the admins group...looking to make that be a much ...
Score Making ASPNET a Member of Administrator Group??
Ben - 16 Mar 2006 7:49 PM - 5 messages
I'm working on a C#.Net Web application involving a third party dll. Because they use SoftLock in that dll, the Web app cannot access that dll at runtime, and they told me to make "ASPNET" as a member of the Administrator Group. ...
Score Cross Site Scripting - Newbie Question
Steve Ray - 16 Mar 2006 7:04 PM - 3 messages
Guys I've been informed today that one of my websites (at work) is allowing CSS. Apart from Sp'ing and HF'ing the server is there a IIS security tool I can install on Server 2003 that will prevent all known forms of attacks on the ...
Score Delegation and IIS service account
T. Tyrone - 16 Mar 2006 1:46 PM - 3 messages
Hello; I'm trying to set up a web app that accesses a SQL database on a second server.  I want to use integrated security and have set the computer account as trusted for delegation.  I know I need to use setspn to tell Active ...
Score Moved to new server, I_USR not showing
Joey Martin - 15 Mar 2006 8:22 PM - 4 messages
I moved web server (from Server 2003 Standard to Server 2003 Web Edition). I noticed that permissions hasve changed some under IIS. My asp page uses FileSystemObject to write file. My old server, this worked fine. I have verified that WRITE permission is enabled under IIS. But, Under ...
Score IISADMPWD Vulerabilities
Mike B. - 15 Mar 2006 4:00 PM - 4 messages
What problems would be caused if the IISADMPWD page is accessed via Anonymous access to the pages to the Internet?  What kind of vulnerability would Active Directory be in should this be configured this way?  We need a ...
Score SSL redirect to non-SSL
Daniel Kaplan - 15 Mar 2006 2:35 AM - 3 messages
Not sure if I am in the right group, but question. If I am going from an SSL page to a non-SSL page (like after loggin on) is there a way to get the browser to NOT give that "you are being redirected to ...
Score ASP app upgrade to IIS6 with new Authentication scheme
pwarda - 14 Mar 2006 11:37 PM - 2 messages
Hello all, we have an existing ASP 3 based application that use to run perfectly with SQL Server 7. We have been mandated to migrate the site over to the following configuration: WebServer (server 1) Windows 2003 (with IIS 6 of course) ...
Score SSL Posting question
Poker Man - 14 Mar 2006 5:26 PM - 2 messages
Hello All, Curious about something.  Am using SSL on one of my pages to process payments with a credit card. Now when the user doesn't fill out all the info properly I repost the form to ask for the missing fields. ...
Score IIS requires credentials all the time....PART II
Lobo - 14 Mar 2006 1:29 PM - 3 messages
Yesterday's post: I have IIS server on Server 2003 and Anonymous Access and Windows Integrated Security are checked but when some users wants to access site    IIS requires credentials ... If I turn off Integrated Security then I ...
Score access when I use my ip address
Dooma - 13 Mar 2006 10:50 PM - 2 messages
When I try to access my local SharePoint site I get an error http 500 but when I use my local IP address I can logon fine. Is there a problem. I am using windows 2003 AD with local DNS server. ...
Score Intermittent login issue
Bill - 13 Mar 2006 5:21 PM - 4 messages
Hello, We are using MBS Business Portal 2.5 on a 2003 server (also domain controller).  We are using Basic authentication with SSL.  (Integrated Authentication is not an option due to clients not being part of the Windows ...
Score Problems with IIS6 / SSL
Lajus Norvejikus - 13 Mar 2006 5:11 PM - 6 messages
Hi all, I recently installed one Windows 2003 Server and after I installed IIS 6. I have 2 web sites configured: one I want to answer to port 80, the other will listen 443. I install a certificate (ok) using the acticle id 816794 as ...
Score Locking down FPSE
psychogenic - 13 Mar 2006 4:20 PM - 8 messages
Does Visual Interdev use an account to gain access to a remote web server or does IIS treat it as an anonymous guest user? We have web developers who insist on having FPSE installed on the production server but the problem is we also have other people in our WAN who have ...
Score Getting Server SSL Cert Expiration Info
Jul.Genis - 13 Mar 2006 4:12 PM - 5 messages
Hello, I am trying to come up with a solution which will help me gather ssl certificacte expiration date remotelly. So far the only solution that i caould come up with is running the following command on remote servers: certmgr.exe /s -r localmachine my >> \\server\share\exp_date.txt ...
Score IIS requires credentials all the time....
Lobo - 13 Mar 2006 2:09 PM - 3 messages
I have IIS server on Server 2003 and Anonymous Access and Windows Integrated Security are checked but whwn some users wants to access site    IIS requires credentials ... If I turn off Integrated Security then I get message "You are not autorized to view this page" ...
Score Lock user in website folder
ttopholm - 13 Mar 2006 12:10 AM - 4 messages
How can I lock an iusr_ so it can't go out of it's wwwroot folder... Because I found a script, which can show my whole C-drive with fso in asp, but I want to disable that so it only can see the wwwroot and not outside ...
Next » 2 3 4 5 6 7 8 9 10