Re: IISLock has disabled ASP & SQL

From: Kami Razvan (Kami@Durability.com)
Date: 11/20/02 

From: "Kami Razvan" <Kami@Durability.com>
Date: Wed, 20 Nov 2002 10:26:03 -0800

Hi;

I am running Windows 2000 server. We have just installed
the .NET Framework - this is NOT a .NET server.

OS: Windows 2000
SQL: 2000

I just checked the URLScan.112002.log file. I executed
the site & there is nothing that shows up at the time that
I visited the site. So I guess nothing is being blocked.

I wonder if the permissions of any files could have
changed that allows for the login to take place over the
net.

Regards,
Kami

>-----Original Message-----
>When you say .NET platform, I assume you're running
Windows 2000, right?
>Not Windows .NET server beta? [Running IISLockdown or
URLscan on .NET
>server is a bad thing.]
>
>After editing the URLSCAN.INI file, check the URLSCAN.LOG
file. If URLScan
>is blocking anything, it would show up there. What do
you see there?
>Anything being blocked?
>
>
>"Kami Razvan" <Kami@Durability.com> wrote in message
>news:bc6f01c290a8$1f7baea0$8af82ecf@TK2MSFTNGXA03...
>> Thank you Ken & Karl:
>> The solutions you proposed are all true but I have
looked
>> at all of those.
>>
>> This is the status:
>>
>> -- Server\IUsr_Server is set in the Security/Login as a
>> user
>>
>> -- IUsr_Server is set as db_datareader & db_datawriter
for
>> the database
>>
>> -- this program worked well. I simply decided to run
the
>> Security Analysis on the server and one a red flag
>> appeared about the IISLock so I decided to apply it.
>> After that all went to hell.
>>
>> -- On this server I have installed the .NET platform for
>> testing.
>>
>> -- The URLSCAN.INI was blocking .asp and .asa and I
>> deleted them. So it should now be allowed.
>>
>> Once again SQL server has IUsr_Server listed in the
>> Security as well as in the local database that we are
>> trying to access. The user is listed as db_writer and
>> db_reader.
>>
>> Day 3 in not being able to work on this system.
>>
>> Regards,
>> Kami
>
>
>.
>

Relevant Pages

  • SecurityFocus Microsoft Newsletter #154
    ... MICROSOFT VULNERABILITY SUMMARY ... ISS RealSecure Server Sensor SSL Denial Of Service Vulnerabi... ... Roger Wilco Remote Server Side Buffer Overrun Vulnerability ... available for Microsoft Windows operating systems. ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #49
    ... Subject: SecurityFocus Microsoft Newsletter #49 ... Microsoft Windows NNTP Denial of Service Vulnerability ... Microsoft IIS SSI Buffer Overrun Privelege Elevation Vulnerability ... Microsoft ISA Server H.323 Memory Leak Denial of Service... ...
    (Focus-Microsoft)
  • Re: Sql Server 2005 Dev. Ed. on Windows Server 2003
    ... Check out this KB which is about transferring Logins: http://support.microsoft.com/kb/246133 ... Also, since this is running on a newly installed Windows Server 2003, is ... them from your older SQL Server instance to the newer one. ...
    (microsoft.public.sqlserver.setup)
  • Re: New Windows Infrastructure
    ... vendor's application runs on windows with an SQL database and I will also need a web server for a separate module which will allow our customers to access account data online. ... I would think that if the app runs on windows, I do not need the citrix server. ... It makes sense to have separate DCs though, because let's say you want to upgrade your Active Directory in two weeks time, with separate DCs it's easy, but if you've got a bunch of apps installed it could be a nightmare. ...
    (microsoft.public.win2000.setup_deployment)
  • How can I avoid using SQL Authentication with the Office Web Parts?
    ... We have a machine running Windows 2003 Server, IIS 6, and Windows SharePoint ... We are using Office Web Parts on several Web ... Part pages to display data retrieved from a SQL Server (SQL 2000 SP3 running ...
    (microsoft.public.sharepoint.portalserver.development)
Quantcast