When setting-up a secure area of a website that is using NTFS file level
security and AD user & group accounts to set the access permissions, is there
a timeout period for users once they enter the secure area of the site?  And
would this work differently with either HTML pages ...

I have implemented kerberos in 3 tiers environnmnet where IIS 6.0 access a
web services on a separate IIS server. I have properly setup all my SPNs,
service account etc.. and it work fine. My problem is I have a requirement to
run my webservices server on 8080 web port. I try ...

I have a web application that uses Integrated Windows Authentication.
Had been having a peculiar problem, where every request to the Web
server would give an 401 error, despite using HTTP/1.1 and the same
socket.

Hi. I'm trying to setup a secured website on a Server 2003 machine. I
would like to require user authentication through the use of
certificates. This is a stand-alone web server and certificate server
and we are not on a domain. I have installed the certificate service on

I've just installed .Net 1.1 and upgraded to 3.0 on my W2K3 server and I
want to lock down ASP.Net so that my hosted users can't see each others
folders on disk.  The disk is already secured via NTFS with separate user
and anonymous accounts for each hosted customer.  But I don't ...

Let me preface my problem with the statement that we are in the
process of migrating from W2k/IIS5 to W2k3/IIS6 and I [an old Perl
hack] am having to try and make an ISAPI filter work on the new
platform.  The ISAPI approach might not even be the most efficient/

We've been informed by a security auditor that we need to disable NETBIOS on
our network. That seems simple enough to do, but we are concerned that doing
so may affect NTLM authentication which we use for several web based
applications (as well as kerberos). Does NTLM or Kerberos ...

Not sure this is the right news group, but one spec. on ISA could'nt be
found.
My problem is:
In the period of time (eks) from 08:00-11:30 AND 12:00-17:00 i want tol only

I run a security scanner for PCI credit card(Visa,MC) shopping cart
compliance periodically on my web site, which, upon a recent site scan
on our domain, returned a failing test. The reason that the test did
not pass was because it maintains that the Microsoft IIS Server is

I have a Windows 2000 Advanced Server with XAMPP and IIS installed. I
am in the process of getting rid of XAMPP but the old PHP web
application has to run until my new .Net 2.0 is done. I have enabled
anonymous access in IIS 5, Integrated Windows authentication checked.

I've configured IIS 6.0 on Server 2003 including enabling asp extensions.  
HTML pages are accessible, but ASP pages give a 401.3 error.  Both the HTML
and ASP pages are in the same folder?  What permission would be missing?

i have a big problem and i did not find a solution so here is my last hope.
I have a windows server 2003 with IIS6.
There i have a virtual Host with host headder kb.koou.at
I want to secure this whol virtual host and so i created a certificate and

We have multiple websites assigned to the same IP, now each website needs
SSL certificate assigned to them. Is it possible to install SSL based on Host
header Value insted of IP address? I've read someware that it is possible but
I can not find the article anywhere.

Everyone,
I have an environment that uses a Stand-alone CA to issue certificates to
remote users from a public web site using web enrollment.  This cert is used
for authentication for another web site.

I've a problem. I don't no it's my problem or a problem of IIS.
The scenario:
We have a member server with IIS in a W2K3 domain. There is only one website
on it, one Applpool, only one default.htm (simple HTML, no script).