I know that you should not need to run the Lockdown Tool with v6, but can
you?  Our IIS was installed before my time here. I'm not aware of settings
that may have been changed and would like to make sure all is secure and as
it should be.  

I've got a IIS 6.0 Website on Windows 2003 which I have setup as Integrated
Authentication.  I have disabled all other forms of authentication
(Anonymous, basic, etc).
The Clients authenticate against a Windows NT domain currently.  When the

My question maybe be asked many times here and i will be gald if u could
answer again.
My server is windows 2003.
im installing Address Book Services in the LCS server. the requirement will

Hi all there,
we have a APS.NET 1.1 Application running on IIS 5 and SQL Server 2000.
We use Integrated Windows Security.
Now we want to monitor the application by use of Nagios. It seems that

I've a website that can be connected by 2 different dns names.
site1.domain.com
site2.domain.com (alias of site1)
I 've a certificate installed and that is working fine on site1.domain.com.

We have had to revoke Administrator accounts from all users that are not real
'System Administrators'.  The problem is that several of these users do web
development and need to go in to IIS to modify settings/restart it, etc.  Can
anyone tell me how this can be done without ...

All,
I have an application that is currently working in IIS5 that when
elevated to a IIS6 machine is causing some problems.  I have a .Net
application that is running under the default application pool "Network

Our InfoSec people are obviously bored.  Is there a straightforward to way
to configure IIS 6.0 to not allow client connections using SSLv2 (and only
respond to SSLv3)?
I have read the following:

I am building a server application which I expect to run on servers that are
in the Trusted Sites zone for many of my users.  However, I will be serving
up content that, in some cases, comes from third parties and it is
theoretically possible that some of that content might contain ...

We are having problems with windows authentication in IIS on one of our
domain controllers. Here's what we have done: We have setup a test
virtual directory in the default web site to D:\WebSites\WebSiteA,
disabled anonymous access and enabled windows authentication.

When a user (that's in active directory) logs into ftp://domainnameA.com he
sees the home directory of domainnameB.com....
it is happening to all domains. In other words it's like any account user
name all

I have installed a web application in a virtual directory under the default
web site. Before I installed the application, SharePoint was already
installed.
When I attempted to browse to my default page in my web site, I get a

Sometimes we need to restart the IIS services on our intranet server due to
the intranet hanging. I am trying to figure out how I can grant my web
developer access to the IIS Manager remotely so that he can restart IIS when
needed. This is the quick fix to the hanging problems. ...

According to a white paper entitled MS Incident Response Plan, MS states that
you should never load IIS on a domain controller.  Does anyone have any
experience with a fully updated windows 2003 server and a fully updated IIS
install having security problems?

I have big problems with the Option "Require Client Certificates" in IIS. We
have enabled SSL and user client certificates with this option.
The problem: Often, when a User initiate a postback in an ASP.NET 1.1
Application, the page returns immediately with a blank page. But ...