IIS Security

OK, here's my dilemma: I have a site with a login script and the usual checking each time you hit a page that requires it. We have finally gotten an SSL cert and it is installed, but from here I am not sure of the best approach to get it ...

Hi all, We are trying to get SSL going on one of the websites on a 2003 server. We generated the certificate and it shows up as an option when selecting Sever Certificate under the Security tab on the properties. Everything seems to be ...

Hi, have a site on IIS 6.0 configured using IWA only, becaues that site will grab user's logon information to keep track it. people in same AD with IIS server logon fine with no issues. people in other ...

Not sure what caused this but I can get to the admin page to manage accounts but if I try to go to the site admin I am locked out? We were running the server in iis 5 isolation mode but we have corrected that problem and ...

I'm unable to administer to my sites with my administrator password. Definitely SP1 related is anyone else experiencing the same type issue? Here is the error: You are not authorized to view this page You do not have permission to view this directory or page using the ...

I have SharePoint installed on Windows Server 2003. I'm accessing it form IE6 on a Windows XP computer logged into the same domain as the server. I'm attempting to configure it so that I don't get prompted for a username and ...

I have WebDav set up on a 2003 server and everything seems to be working fine.  When a user opens a web folder he/she gets prompted to enter credentials and then can browse folders and subfolders that they have access ...

With security concerns that back door trojans can install zombie servers on systems, I am quite concerned that IIS components are installed on my XP home machine, particularly with this log file refering to "returned from France" [4/18/2005 18:52:28] LogFile Open. [***** Search on FAIL/MessageBox ...

Setting up IIS 6.0 with Kerberos authentication on sites using domain accounts to run application pools has always caused me problems. I think this is because I never *really* understood what an SPN was and what it was for. ...

Hi, My server was hacked over this weekend using the FSO exploit. It is sad that by uploading one simple asp file to one website in a server, hacker can access the whole machine, both drive C and drive D. Well I should have played ...

I recently upgraded our development application server with SP1 for Windows Server 2003 and the Web Services Enhancements 2.0 SP3.  Now our developers receive "HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials" when they attempt to work on their VS.Net 2003 web ...

I just downloaded the SelfSSL for the IIS 6.0 resource kit and ran the following command line:  selfssl.exe /NCN=MySSL /K:1024 /Vv:7 /S:1 /P:443 I got a message that it was successful however when I go in to "Directory ...

We know that the std IIS logs contain the return codes of 401, 402, etc., but we are interested in the URLScan logs that were present in IIS 5 and prior with the URLScan tool was setup. I am told not to run URLScan or IIS Lockdown on an IIS 6 box because that ...

Still no solution for this Problem? ( - Devices in the market cannot be changed. - Not possible to get request before http.sys (kernal mode). To strictly conform http spec is very good. But it should be possible to intercept requests! David Wang [Msft] wrote: ...