Welcome to Community Server Sign in | Join | Help

Browse by Tags

All Tags » Security   (RSS)

Microsoft DPM 2007 Install Error 811

Posted Wednesday, September 9, 2009 3:00 AM by Ken
Typically this error is database related however you can also get this error if the Secondary Logon service is not started. Your corporate security policy may disable this service. Temporarily enabling it will allow DPM install to proceed. It does not Read More...
1 Comments
Filed under: ,

Denial of Service attach detailed against IIS 5 / IIS 6 FTP Service

Posted Monday, September 7, 2009 1:39 AM by Ken
Kingcope has published an exploit to the Bugtraq mailing list for IIS FTP service running on IIS5, IIS6 and IIS7 (when running FTP v6). Note that IIS 7 running FTP v7 and IIS 7.5 are not affected. Microsoft has an official advisory , and some more details Read More...
1 Comments
Filed under: ,

IIS and Kerberos Part 9 - Cross Forest Delegation scenario with UPN suffix routing

Posted Wednesday, February 25, 2009 8:44 PM by Ken
As an extension of the previous article on Cross Forest (or Cross Domain) Kerberos Authentication this article examines how to configure cross forest authentication and delegation when users are accessing an arbitrary website URL. In this scenario we Read More...
14 Comments
Filed under: ,

IIS and Kerberos Part 8 - a simple cross Forest/Domain delegation scenario

Posted Saturday, June 28, 2008 8:45 PM by Ken
In this part we extend, slightly, upon the previous scenario , by adding delegation. Now we need to allow IIS, in our resource Forest (or domain) to delegate the end user’s credentials, to a backend service (SQL Server in this case): The machines Read More...
16 Comments
Filed under: ,

IIS and Kerberos Part 7 - A simple cross Forest scenario

Posted Monday, May 12, 2008 10:13 PM by Ken
Note: I have created a list of all the IIS and Kerberos parts I'm finally getting around to writing this section on IIS and Kerberos. This initial post will cover the basics of a cross-Forest Kerberos authentication scenario. In the next few posts Read More...
16 Comments
Filed under: ,

IIS - two security patches this month

Posted Tuesday, February 12, 2008 8:23 PM by Ken
Hi all, There are two security patches out this month for IIS. The first ( MS08-005 ) affects Windows XP x86 (IIS 5.1), Windows XP x64 (IIS 6.0), Windows Server 2003 (IIS 6.0) and Vista RTM (IIS 7.0). Vista SP1 and Windows Server 2008 are not affected. Read More...
1 Comments
Filed under: ,

Publishing Operations Manager 2007 Web Console with ISA Server 2006

Posted Thursday, August 2, 2007 4:36 PM by Ken
Having just deployed a test Operations Manager 2007 server at home, I wanted to publish the Web Console site externally, so I wouldn't have to continually TS into my box at home, and use the regular console. My only problem is that I have a single Read More...
1 Comments
Filed under: , ,

IIS and Kerberos Part 5 - Protocol Transition, Constrained Delegation, S4U2S and S4U2P

Posted Wednesday, July 18, 2007 10:24 PM by Ken
Protocol Transition is a new feature in Windows Server 2003. The Kerberos implementation in Windows Active Directory domains provides the robustness of Kerberos whilst also obviating a number of the technical issues with non-Windows Kerberos implementations Read More...
15 Comments
Filed under: ,

Can you install more than one certificate per web site? (IIS 5 / 6)

Posted Friday, May 11, 2007 9:00 PM by Ken
I was asked recently by a colleague if a website defined in IIS could have multiple SSL certificates installed, so that the website would answer requests for https://www.abc.com as well as https://www.def.com without generating an error in the user's Read More...
8 Comments
Filed under: ,

Certificate Services (2000, 2003) Web Enrollment does not work on Vista

Posted Tuesday, May 1, 2007 11:45 PM by Ken
Unfortunately if you have a new Vista PC, and you try to use the web enrollment pages (certsrv) hosted on a Windows Server 2000 Certificate Authority (CA) or a Windows Server 2003 CA, you won't be able to enrol for a certificate (indeed if you're Read More...
3 Comments

IIS and Kerberos. Part 4 - A simple delegation scenario

Posted Saturday, January 27, 2007 2:31 PM by Ken
Delegation is a feature of Kerberos authentication that allows a server to obtain a Kerberos ticket on behalf of an end user without ever having access to the end user's password. This functionality allows Kerberos to solve typical "double-hop" Read More...
12 Comments
Filed under: ,

IIS and Kerberos. Part 3 - A simple scenario

Posted Tuesday, January 16, 2007 5:32 AM by Ken
In Part 3 of this series we look at setting up Kerberos Authentication in the simplest possible scenario. If you missed Parts 1 ( What is Kerberos and how does it work ) and 2 ( Service Principal Names ) they may be worth reading first. In this scenario, Read More...
22 Comments
Filed under: ,

IIS and Kerberos. Part 2 - Service Principal Names

Posted Sunday, November 19, 2006 6:29 AM by Ken
Apologies for the delay in posting Part 2 - I've been on holidays so it's been a bit hard finding the time to write these posts. In this part we cover Service Principal Names (SPNs). In a previous post we covered the basics of Kerberos authentication. Read More...
23 Comments
Filed under: ,

IIS and Kerberos. Part 1 - What is Kerberos and how does it work?

Posted Thursday, October 19, 2006 10:01 PM by Ken
Edit: I've created a list of all the parts in this series here , which will be updated as I add more parts. Configuring Kerberos and Delegation is one of the more common problems I see in the communities and even within Avanade. Since Kerberos isn't Read More...
19 Comments
Filed under: ,

Why Vista? Mandatory Integrity Control (MIC) (Security, Stability, System Integrity)

Posted Friday, August 18, 2006 8:02 AM by Ken
A little discussed feature in Windows Vista is Mandatory Integrity Control (MIC). Unlike DACL (Discretionary Access Control Lists), MIC is designed to protect your operating system based on the trustworthiness of the code being run. High integrity files Read More...
4 Comments
More Posts Next page »