I posted this in the IIS general discussion group but got no responses. I've
now seen this issue on three IIS systems and figure it might be worth
posting to the security group.
In W2K3 SP1 running IIS6 the list of trusted root certificate authorities

I don't know whether this is a problem with Vista, IIS 7, or my brain, but I
cannot reproduce a setup I like working with on XP on my new Vista system.
The HTML files are checked into a project in Visual SourceSafe 8, with its
working folder set to C:\inetpub\wwwroot, or ...

I use Microsoft Product is Windows 2003 Standard R2 Service Pack 2 for my
server ,
But my server is hack delete file at c: and c:\windows  ,i Check it share
c$ , d$ , Admin$ , IPC$

Hopefully someone can help or at least confirm what I am thinking here.
Here is the situation:
We have built a new webserver with Windows Server 2003/IIS 6.0.
We have the default web site set for anonymous authentication.  We then a

Good morning,
I've trolled most every forum and venue possible for this information, and
have come up empty handed thus far, so forgive me if I'm reposting a
previously answered question.

I have an ISAPI dll that uses basic authentication, validating users in a
local database. I want to fist try and authenticate users using windows
authentication; if this fails, (ie they do not have a windows account), I
want to use the previous method of authenticating.

I'm doing an HTTPS post to an ASP page on IIS 6.0 on Windows 2003, and in
the Web logfiles, I'm seeing the following error:
/GET my.asp|21|c00c023f
Also seeing following message: "This method cannot be called until the Send

I am using IIS 6 and would like to know the best practices for securing an
area of a public website.  It is only one directory structure that should
require a username and password.  This server is not connected to any Active
directory.  Can someone please point me in the right ...

Hello, and thanks in advance to anyone who's got any ideas on this.
I have a web server with a web site that is supposed to provide access
to documents.   The documents are stored on a different server than
the web server.

I have a need to disable low-grade encryption on a web
site, which requires SSL on certain pages only.  For
those pages, I want to force 128-bit SSL.
IIS 6 only allows me to force 128 on the entire site,

I'm having a really wierd problem with client certificates on IIS. I can't
see what might have changed, other than I applied a couple of MSXML patches
to the box, but overnight, one of my webservers has stopped recognising
client certificates from our CA. Stopped as in this ...

I have a webserver that is not part of a domain.  We have localized accounts
on this server.  I am trying to have a way where the users password will
change and will be prompted to change it.  
I have used the iisadmpwd virtual directory, but you have to actually go to

I'm not sure if this can be done but I'd like to do it. I would like to
block all links to my website from a particular website. The IPs accessing
the webpage will be different but the external web page address is the same.
I'm using IIS 6.0 on a Windows 2003 server.

We have a set of 4 servers running our external web system. These
machines are NOT on our domain for security and performance reasons.
We have a seperate (5th) machine which runs our local office network,
Active Directory, etc.

I have IIS 6.0 set up on a Windows 2003 server.  I have installed a Web site
and am using Basic Authentication for Domain users inside or outside the LAN
to access the site.  This works however, the navigation of my web site is
such that the user starts in  parent .htm files that ...