Welcome to Community Server Sign in | Join | Help

Browse by Tags

All Tags » Security   (RSS)
Typically this error is database related however you can also get this error if the Secondary Logon service is not started. Your corporate security policy may disable this service. Temporarily enabling it will allow DPM install to proceed. It does not Read More...
Kingcope has published an exploit to the Bugtraq mailing list for IIS FTP service running on IIS5, IIS6 and IIS7 (when running FTP v6). Note that IIS 7 running FTP v7 and IIS 7.5 are not affected. Microsoft has an official advisory , and some more details Read More...
1 Comments
Filed under: ,
As an extension of the previous article on Cross Forest (or Cross Domain) Kerberos Authentication this article examines how to configure cross forest authentication and delegation when users are accessing an arbitrary website URL. In this scenario we Read More...
6 Comments
Filed under: ,
In this part we extend, slightly, upon the previous scenario , by adding delegation. Now we need to allow IIS, in our resource Forest (or domain) to delegate the end user’s credentials, to a backend service (SQL Server in this case): The machines Read More...
15 Comments
Filed under: ,
Note: I have created a list of all the IIS and Kerberos parts I'm finally getting around to writing this section on IIS and Kerberos. This initial post will cover the basics of a cross-Forest Kerberos authentication scenario. In the next few posts Read More...
14 Comments
Filed under: ,
Hi all, There are two security patches out this month for IIS. The first ( MS08-005 ) affects Windows XP x86 (IIS 5.1), Windows XP x64 (IIS 6.0), Windows Server 2003 (IIS 6.0) and Vista RTM (IIS 7.0). Vista SP1 and Windows Server 2008 are not affected. Read More...
1 Comments
Filed under: ,
Having just deployed a test Operations Manager 2007 server at home, I wanted to publish the Web Console site externally, so I wouldn't have to continually TS into my box at home, and use the regular console. My only problem is that I have a single Read More...
Protocol Transition is a new feature in Windows Server 2003. The Kerberos implementation in Windows Active Directory domains provides the robustness of Kerberos whilst also obviating a number of the technical issues with non-Windows Kerberos implementations Read More...
15 Comments
Filed under: ,
I was asked recently by a colleague if a website defined in IIS could have multiple SSL certificates installed, so that the website would answer requests for https://www.abc.com as well as https://www.def.com without generating an error in the user's Read More...
5 Comments
Filed under: ,
Unfortunately if you have a new Vista PC, and you try to use the web enrollment pages (certsrv) hosted on a Windows Server 2000 Certificate Authority (CA) or a Windows Server 2003 CA, you won't be able to enrol for a certificate (indeed if you're Read More...
Delegation is a feature of Kerberos authentication that allows a server to obtain a Kerberos ticket on behalf of an end user without ever having access to the end user's password. This functionality allows Kerberos to solve typical "double-hop" Read More...
6 Comments
Filed under: ,
In Part 3 of this series we look at setting up Kerberos Authentication in the simplest possible scenario. If you missed Parts 1 ( What is Kerberos and how does it work ) and 2 ( Service Principal Names ) they may be worth reading first. In this scenario, Read More...
19 Comments
Filed under: ,
Apologies for the delay in posting Part 2 - I've been on holidays so it's been a bit hard finding the time to write these posts. In this part we cover Service Principal Names (SPNs). In a previous post we covered the basics of Kerberos authentication. Read More...
18 Comments
Filed under: ,
Edit: I've created a list of all the parts in this series here , which will be updated as I add more parts. Configuring Kerberos and Delegation is one of the more common problems I see in the communities and even within Avanade. Since Kerberos isn't Read More...
16 Comments
Filed under: ,
A little discussed feature in Windows Vista is Mandatory Integrity Control (MIC). Unlike DACL (Discretionary Access Control Lists), MIC is designed to protect your operating system based on the trustworthiness of the code being run. High integrity files Read More...
More Posts Next page »