Hosting Provided By

RE: Securing IIS/5 with ASP

From: Holmes, Tyran <tholmes(at)ascendone.com>
Date: Fri Jan 24 2003 - 16:32:23 EST

Is the account (IUSR...) active? I know I remember getting some errors for the IUSR accts in the Event Log on an IIS server and found that my cohort had disabled the accounts. Just a thought...

-----Original Message-----
From: Ralph Los [mailto:RLos@enteredge.com] Sent: Friday, January 24, 2003 12:56 PM
To: 'focus-ms@securityfocus.com'
Subject: Securing IIS/5 with ASP
Sensitivity: Confidential

Hello,

I have a document I've built over the years about securing IIS/5,
with regards to permissions, etc right down to the file level. This often
works, except when I get that pesky ASP engine involved. I'm sick of HTTP/500 errors! I know for a fact the error is with file permissions, but
I can't pin-point which file(s) are causing it. I've had the dllhost.exe
keep getting "ACCESS DENIED" (Using NTFileMon from sysinternals.com) on C:\winnt\system32\<some_file> but...the permissions on that file/folder/whatever are IUSR/IWAM/SYSTEM (RWX).

Bottom line, does anyone have a definitive "baseline IIS/5 w/ASP"
security document done I could look over? Just curious - dying to know what
I'm missing.

?Ralph Received on Tue Jan 28 12:36:41 2003

This message: [ Message body ]
Next message: Kelly Fuller: "RE: Win2k log management"
Previous message: Kurt: "RE: Win2k log management"
Maybe in reply to: Ralph Los: "Securing IIS/5 with ASP"
Next in thread: dave: "RE: Securing IIS/5 with ASP"
Reply: dave: "RE: Securing IIS/5 with ASP"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:26 EDT