If the DNS has a wild card entry and there is not a blank Host header for
the site in IIS and they type a URL that does not have a host header they
will be directed to the Default Website with the All Unassigned Header. This
is usually locked down.
Rick
-Original Message-
From:
Sorry, could you elaborate a bit?
to the default site. That site is usually the IIS
Administration site and is Locked down.
Rick
-Original Message-
From: Chunshen Li [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 13, 2004 8:46 AM
To: CF-Talk
Subject: Re: Challenge/Response and IIS Security
Sorry, could you elaborate a bit
OK. I'm with you. Now, as my original posting indicated the IUSR_{machineOrHostName} NT user account needs to be enabled, by default,
this user belongs to Web Anonymous Users group (which I guess created by IIS during installation or the like). Question, how do you find out which directories/folders
: Thursday, May 13, 2004 10:33 AM
To: CF-Talk
Subject: Re: Challenge/Response and IIS Security
Ahe, under default web site right under web site, the
options show as you described, the setting on my box is same
as what you said, now, question, if my client's box has some
entry/TEXT for the Host Header Name, in other words, not
blank, then, it would require NT logon?
It does not
Forgot to add in case you wonder, I understand the
IWAM_{machineOrHostName} NT user account is required to
be enabled to start the IIS server, it's related but that
relevant to the problem at hand.
The IWAM_MACHINENAME account is only required for running out-of-process
applications.
A client informed me that his site (on NT class OS and IIS
web server) now required Network password to logon.
I suspected it's NT Challenge/Response and IIS Security
problem with his new setup.
Did quick research to confirm my suspicion, seems that my
suspicion is valid, it seems at
Good info. Sorry I forgot to mention about the cf server version, it's 5.0.
Now, as I asked, how to determine IUSR_MACHINENAME account's
privilege to web root doc directory and subdirectories?
Under IIS, for a particular directory (folder), the two most
probable options are:
1) All Tasks
a) permissions wizard
(what's heck is the design! just tell me what who can
Now, as I asked, how to determine IUSR_MACHINENAME account's
You will have to check the filesystem using Windows Explorer or the command
line.
Yes, I did, as my other posting indicated, IUSR_MACHINENAME
account does not show up in the Users/groups list under
Security, however, my site is accessible by outside users,
so, I guessed, IUSR_MACHINENAME may be associated implicitly
by Microsoft, also, how about an unknown...account,
Oops, sorry I forgot to mention I'm checking on my XP prof box,
for XP prof there are no such user/group as of Everyone and Authenticated Users while your info could be helpful if my client's box uses this naming convention. Microsoft loves to play tricks on people :)
Again thanks.
The
Shoot, excuse me for the lang, I was so absent-minded, missed the key word, contextual in your last posting, OK, what's the nuance between EVERYONE and ANONYMOUS LOGON from a site access perspective?
Man! you're very very detail-oriented, a great quality, I'd say.
Don
I don't have an XP box
Shoot, excuse me for the lang, I was so absent-minded, missed
the key word, contextual in your last posting, OK, what's
the nuance between EVERYONE and ANONYMOUS LOGON from a site
access perspective?
The difference between them, from the perspective of setting filesystem
permissions, is
I would strongly recommend avoiding the use of Everyone when setting
filesystem permissions, though. Use Authenticated Users instead. The
IUSR_MACHINENAME account is also a member of that group.
Excellent. I read about not to use EVERYONE account, however, I forgot (can't focus well these days,
Now, how would you determine if some of the users from the
list may be fakeID/backdoor user account? One way, I guess
might be, get mandatory or system default user account list
for NT/XP/given win OS and then separate them from the rest,
then examine the remaining? better approach?
I