Re: Programmatically Altered IIS Security?
From: Painless (Painlesspole_at_yahoo.com)
Date: 05/09/04
- In reply to: Rick Skinner: "Programmatically Altered IIS Security?"
Date: Sun, 9 May 2004 08:01:25 -0700
Same problem for me also. Monday morning I get an angry call from a
customer claiming he cannot edit his web pages. For some reason, Windows
authentication has stopped working, and my SMTP server has forgotten which
IP addresses it can relay mail for. I now have the web server running with
clear text authentication.

The angry calls have stopped, and I have re-configured the mail server, but
understand, these servers have been running perfectly since 2001. (And we
never EVER touch ANYTHING that is working.)

The only server I have which is still running is one on which we had
accidentally turned off the automatic updates. (And I am afraid to apply
updates now.)

"Rick Skinner" <rskinner@research.usf.edu> wrote in message
news:f88a871.0405050905.5072ab7d@posting.google.com...
> Programmatically Altered IIS Security?
>
> My server is running IIS5 on Windows 2000. On Monday morning one of
> my techs installed two updates from Windows Update:
>
> 1) Root Certificates Update
> 2) Update for Windows Media Player 9 Series (KB837272)
>
> Let's leave aside the point that there is probably no good reason to
> install these updates on a production Web server for now.
>
> We also had a corresponding Sasser virus outbreak on several
> workstations Monday morning.
>
> Immediately after these updates were applied about half of my ASP
> based pages started hanging. After an hour of troubleshooting we were
> inclined to suspect directory/file level permissions problems. I
> noticed particularly that three strange local groups with no members
> had been assigned read only permission to the wwwroot file system.
> Also permissions throughout the file system were insufficient to allow
> much of our ASP stuff to run. I don't know how these permissions got
> altered and none of my techs claim responsibility.
>
> Is it possible that one of these two updates altered the permissions
> on the wwwroot file system? Or do I blame it on the Sasser worm? Can
> anyone help explain how my Web server's file system permissions got
> altered by Windows Update or by any other means?
>
> I first restored system state from the previous Friday and those three
> strange local groups went away, substantiating that they did not exist
> as of the last good backup. I next restored Friday's file system with
> permissions from inetpub on down and everything was fine after that.
>
> I'm just left wondering what altered the permissions on my file
> system. Any experience you can offer would be appreciated. Thanks.
> Rick Skinner
> rskinner@research.usf.edu