I have an IP leak problem running IIS 6.0 on W2K3 SP1.  I have followed
recomendations in KB218180 and KB834141 and configured SetHostName so that
my websites do
not return internal IP addresses.  I have also configured host headers for

   I was digging around the default permission for "network service" user
and got myself quite confused. In the servers I've checked the default ACL
permission on any new folder for this user is "Read & Execute","List folder
contents" and "Read". However when I check the NTFS ...

I am planning to host mulitple web site's on a single server with each web
site/applicaiton being assigned a seperate applicaiton pool.
For secutiry and auditing reasons I would like to assign each applicaiton
pool a specific identity to for the worker process's to run under.

hi there, this has got to be a complete noob questions but it is driving me
insane.  I have a win2k3 server box and winxp box on a network - very simple
setup.  win2k3 is dc, dhcp, dns, iis and winxp is client on this domain.  
everytime i attempt to view webpage on server from ie ...

I setup a CA server on Server 2003 (active Directory) with exchange.  When I
access exchange through Outlook from home, I get the error "The server you
are connected to is using a security certificate that could not be verified
and certificate's CN name does not match the passed ...

I have created a web service name "TestWS" using VS.NET 2 and published it
to my SBS2003 server that uses IIS6 as a web server.
I have set NO anonymous access to TestWS virtual directory and I have
created a simple user account from the User template with the name of

I'm the web dev for a 200 person company, everything herein is in our
corporate domain.
We use Kerberos authentication - the domain controler is a win2k
server.

I have an asp page that allows me to start and stop services on my windows
2000 server and run some batch files as well. Now that we are upgrading to
windows 2003 this page is not working. I have changed the security parameters
on IIS 6.0 but still I cant run my batch (I am using ...

Our web servers run IIS5 and we also make use of the Microsoft URL Scan
utility: (http://www.microsoft.com/technet/security/tools/urlscan.mspx).
By default Microsoft's URL scan utility blocks a number HTTP Methods
including "HEAD".  We have a number of clients concerned that ...

I started to get this error after I inserted tables into my index.htm
page. I have a small form (username/password) that runs to a small .asp
page which then redirect based on information provided.
I read a couple of post regarding this situation and it talks about

I have a website on Windows 2000 server with only IWA enabled.  I can
log into the site just fine, but if I type a bad password I get an HTTP
500 error.  I can't figure out why I'm not reprompted for the password
at least another time or two.

I need to be able to access AD to authenticate users coming to a .NET
application running on an IIS which is in the DMZ...
Here are the details:
My .NET app resides on a Win 2003 Server with IIS6 in the DMZ of the

Hi,
I have an intranet site that is set up using ssl 128bit encryption (using my
own certificate server- windows 2003 server (so thats iis 6.0)
The name i used set for the 'issued to' part is its fqdn

I know you can suppress the ftp banner in IIS 6.0 - but how do you suppress
the http banner from displaying the web version? I was able to do it back in
IIS 5, but it no longer works in IIS 6.0 (W2K3 SP1).
We usually get written up about this during Security Assessments but the

I have a new Windows 2003 server with IIS.  I have set up the default web
page with anonymous access.  Everything works fine for a day, but something
happens overnight and my anonymous access quits working.  When I try
accessing the site, I am asked for the user id, password, and ...