Re: iis lockdown & admin logout

From: lt (tighe@brandeis.edu)
Date: 03/05/03

• Next message: Jeff Cochran: "Re: IIS vs. WebLogic?"
• Previous message: David Wang [Msft]: "Re: iis lockdown & admin logout"
• In reply to: David Wang [Msft]: "Re: iis lockdown & admin logout"
• Next in thread: David Wang [Msft]: "Re: iis lockdown & admin logout"
• Reply: David Wang [Msft]: "Re: iis lockdown & admin logout"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "lt" <tighe@brandeis.edu>
Date: Wed, 5 Mar 2003 11:43:50 -0800

David,

Running Windows 2000 Server + all latest service packs and
hotfixes. It's running only the webservice (no active
directory or other services). We had run the IIS lockdown
when we originally set the machine up. Since then, we had
made a number of changes to the site, and I thought maybe
it would be good to "re-run" the IIS lockdown tool. It
detected that it had already been run and said it would
revert settings to default (or original?) settings before
re-running. I said "okay". It went through the process
of reverting and then while it was running to re-apply is
when the runtime error occurred. So, my guess is that it
had to do with re-running it since we had run it
originally on the machine and had no problems. And,
another user suggested that it's switching the admin
account into the "web_anonymous" group, which has no log
on locally privileges. When one tries to logon with any
valid account on the machine, it loads all the local
settings and then logs you out. So, that log-on locally
security settins were changed does appear to be the
issue.

>-----Original Message-----
>Hmm, I have not heard about this, but I will check on
getting an
>investigation on it so that we can release possible
workarounds (either
>programmatic fix, or how to get out of the situation).
>
>So, it's just running NT4 Server + latest IIS Lockdown
results in a runtime
>error?
>
>--
>//David
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>//
>"Wayne & Carr" <NoSpam@spam.net> wrote in message
>news:uRNBpve4CHA.2296@TK2MSFTNGP10.phx.gbl...
>You have just ran into a Major problem, That myself had
in my network
>On my server, that usually gets about 500+ hits per day.
>I tried everything that everyone told me to do, And it
did not work.
>If you are running the "WinNT 4.0 Server" And the
new "iis lockdown"
>Then, I think that there seems to be an issue with it and
running it on NT4.
>Not sure, this is just my own personal opinion.
>
>Though I got a log of good suggestion from people in the
newsgroup(s),
>known of them worked.
>I indeeded up having to reinstall my server from
scratch "AGAIN".
>
>Because there is one thing that you have to look at.
>When you installed the "iis lockdown" tool, and you got
the runtime error,
>>From that point on, you basically have lost all rights to
your server.
>Which is a pain in the A**, but there is basically
nothing that I am aware
>off
>And that all the suggestions that I got in, no one was
able to tell me,
>Yes this worked for me, It was all just,"Try this, Read
more into the iis
>lockdown next time,
>and so forth,"
>
>So, unless you can find someone that has "Successfully"
fixed this issue,
>There is not much that
>you can do, But I would wait, and if you are running a
productive server,
>(Like I am here)
>Then you are most likely wanting to get it back LIVE
a.s.a.p.
>Think about doing to reinstall,
>It takes me about 4 hours, from shut down, to being back
Fully online again,
>To do mine.
>Then pointing records, and setting up DNS, is an
additional 1 hour.
>So basically about 5hours, and it is ready.
>
>Sorry that this is not what you are wanting to hear.
>
>Take Care
>Wayne
>
>
>
>.
>

---

• Next message: Jeff Cochran: "Re: IIS vs. WebLogic?"
• Previous message: David Wang [Msft]: "Re: iis lockdown & admin logout"
• In reply to: David Wang [Msft]: "Re: iis lockdown & admin logout"
• Next in thread: David Wang [Msft]: "Re: iis lockdown & admin logout"
• Reply: David Wang [Msft]: "Re: iis lockdown & admin logout"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: iis lockdown & admin logout ... and I was told that if you used the administrator account as ... it would be good to "re-run" the IIS lockdown tool. ... revert settings to default settings before ... it's just running NT4 Server + latest IIS Lockdown ... (microsoft.public.inetserver.iis.security) RE: login and email problems ... Please carefully check settings required in my previous post and post the ... Install the RPC ping utility on the client computer and then open a command ... Microsoft CSS Online Newsgroup Support ... Leave the Default Gateway of the internal NIC blank of the server box. ... (microsoft.public.windows.server.sbs) Re: Monitoring and Alerts ... Relay settings for Exchange SMTP Virtual Server: ... we pursue the performance alerts issue further. ... | Subject: Re: Monitoring and Alerts ... (microsoft.public.windows.server.sbs) Re: User-Specific Settings ... clear statement from the vendor that running ACT! ... Server is *not* supported. ... it would explain why changes in settings are not preserved. ... MCSE, CCEA, Microsoft MVP - Terminal Server ... (microsoft.public.win2000.termserv.apps) Re: All remote access stopped ? ... Server 2003 Remote Web Workplace ... Microsoft CSS Online Newsgroup Support ... <Firewall Settings on lefthand side, Advanced settings, Under attack ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)