|
Home > Archive > IIS Server Security > January 2004 > IIS Lockdown problems
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
IIS Lockdown problems
|
|
| Mr. Smith 2004-01-24, 1:54 am |
| Hi.
Installed IIS Lockdown 2.1 on Win 2000, and after that .asp script to
generate a .txt file on a safe partition (F fails bigtime. The .asp page
does not even show up with other than 500 internal error message.
Where can I ease up the IIS Lockdown tool to let .asp script writes to F:
disk and generate the f**k'n files that I so desperatly need every day.
PLEASE
Mr. Smith
| |
| Bernard 2004-01-24, 1:54 am |
| a) disable IE friendly error msgs - post the real error msgs here.
http://support.microsoft.com/?id=294807
b) if you think Lockdown creates this problem.
you can always undo the changes by re-running the installation
package file.
I suspect you select an option, which add 'deny write' permission
for iusr account. hence it has no write to create the file.
or it could be urlscan is blocking certain requests.... (not unlikely)
but you can always check urlscanxxxxxx.log located at
%windir%/system32/inetsrv/urlscan/ folder
and try to skip the f word in this public forum.
--
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"Mr. Smith" <dontreply@nospam.com> wrote in message
news:up$7cp#tDHA.2308@TK2MSFTNGP11.phx.gbl...quote:
> Hi.
> Installed IIS Lockdown 2.1 on Win 2000, and after that .asp script to
> generate a .txt file on a safe partition (F fails bigtime. The .asp page
> does not even show up with other than 500 internal error message.
>
> Where can I ease up the IIS Lockdown tool to let .asp script writes to F:
> disk and generate the f**k'n files that I so desperatly need every day.
>
> PLEASE
>
> Mr. Smith
>
>
>
>
| |
| Karl Levinson [x y] mvp 2004-01-24, 1:54 am |
| For any problems with URLScan, you can confirm the problem by looking
at the URLSCAN.LOG file and fix the problem by editing the URLSCAN.INI
file and restarting the IIS WWW service.
For any permissions problems, you can confirm what the problem is by
enabling windows NTFS file auditing [and using filemon free from
www.sysinternals.com might also be useful]. Both of these are
described in greater detail in the FAQ:
http://securityadmin.info/faq.asp#urlscan
http://securityadmin.info/faq.asp#auditing
One common problem is that .ASP pages can run as IWAM instead of IUSR
if the folders containing them are set to medium or high application
isolation in the IIS MMC. If you're granting the permissions to IUSR,
then possibly IWAM is being used instead. To confirm this, check the
MMC or enable windows file auditing. Possibly there are some files in
the windowsroot\system32\ folder and program files\ folder that may
need some sort of permissions added as well.
hope this helps
"Bernard" <qbernard@hotmail.com> wrote in message news:<eH3W2e$tDHA.2368@TK2MSFTNGP09.phx.gbl>...[QUOTE][color=darkred]
> a) disable IE friendly error msgs - post the real error msgs here.
> http://support.microsoft.com/?id=294807
>
> b) if you think Lockdown creates this problem.
> you can always undo the changes by re-running the installation
> package file.
>
> I suspect you select an option, which add 'deny write' permission
> for iusr account. hence it has no write to create the file.
> or it could be urlscan is blocking certain requests.... (not unlikely)
> but you can always check urlscanxxxxxx.log located at
> %windir%/system32/inetsrv/urlscan/ folder
>
> and try to skip the f word in this public forum.
>
> --
> Regards,
> Bernard Cheah
> http://support.microsoft.com/
> Please respond to newsgroups only ...
>
>
>
> "Mr. Smith" <dontreply@nospam.com> wrote in message
> news:up$7cp#tDHA.2308@TK2MSFTNGP11.phx.gbl...
|
|
|
|
|