Re: VS.NET - IIS Lockdown

From: Roland Hall (nobody_at_nonononono.us)
Date: 03/03/04


Date: Tue, 2 Mar 2004 22:30:06 -0600


"Yan-Hong Huang[MSFT]" wrote:
: Hi Roland,
:
: Thanks for posting in the group.
:
: Based on my understanding, now the question is: Is it possible for us to
: run IIS Lock down tool and develop with VS.NET with connectivity via
: UNC/FPSE? If yes, how? Please feel free to post here if I have
: misunderstood anything.
:
: Firstly, please let me confirm the environment. Currently you are running
: vs.net 2003 on a Win XP box, and the IIS server is on another W2K Adv.
: Server SP4 machine, right?

Yes.

: Could you please post detailed error message after you install IIS Lock
: down tool? We did find some KB article such as
: "BUG: "ExternalException: Cannot Execute a Program" Error Message When You
: Call WebServices from .aspx Page"
: http://support.microsoft.com/default.aspx?scid=kb;EN-US;315904

This is not what has happened although IIS Lockdown is involved. Let me
give you the chronological order.

1. I built a Windows 2K Server.
2. I upgraded this server to run Windows 2K Adv. Server.
3. I added AD/DNS.
4. I demoted and then promoted a new domain name (internal.gameplayers.us)
after I registered gameplayers.us for a new business.
5. I added MS Exchange 2K Enterprise.
6. I added MS SQL 2K.
7. I am not in production yet so I am running this server on a private
network. The public IP is dynamic and DNS is provided by dyndns.org. I run
the DDNS client on a different computer. Locally the IP address is static.
The firewall only accepts DNS/Email to this server. This server is in a
domain all its own. No clients are part of this domain. Clients run under
a different domain and cannot automatically authenticate unless it is
scripted or passed at time of connection.
8. I installed ASP.NET Forums and a .NET portal, configured and tested
internal and external connectivity.
8. I added URLScan and IIS Lockdown.
9. I have been using this server to develop a new application in Classic ASP
with VS6 for months. The time has come to build it in ASP.NET, using C#.
10. I installed VS.NET 2K3 Enterprise Architect on an XP Pro client.
11. I tried connecting to the server with VS.NET via FPSE and UNC. Neither
worked. I may have a log of the errors to provide but I will have to look
that up.
12. I tried modifying rights for ASPNET user for the executables in the .NET
Framework v1.1.4322 subdirectory. I got past certain errors but would then
be presented with others.
13. During my research and troubleshooting, I tried running the ASP.NET
Forums and the portal and neither worked and they all had the same .NET
Framework error.
14. I uninstalled the portal remembering it was quite difficult to
configure, trying to eliminate variables.
15. Remembering I might have installed IIS Lockdown, I downloaded it again
and ran it. It removed IIS Lockdown and presented on screen areas that
might be infected.
16. I uninstalled and reinstalled .NET Framework 1.1.
17. I had put the ASPNET user in the _Web Applications group, during my
troubleshooting, so it was removed.
18. I opened Windows Explorer to check security rights under the 1.1.4322
directory and when I opened the security tab for csc.exe, I noticed one
disappeared, which happens when that group no longer exists. In NT 4, it
used to hold the non-existent name in the list.
19. I then found a document, kb824308, which said, "If you're running W2K
Adv. Server with SP4 as a DC...", a domain controller group policy was not
set for the I_WAM user for client impersonation.
20. I added the user to the policy and I was then able to connect to this
server with VS.NET.
21. I tested my C# application which consists of a single <input... /> field
and it worked.
22. I tested the ASP.NET Forums and they were also working. You can get to
them here: http://gameplayers.us/aspnetforums/. My simple ASP.NET test app
is here: http://gameplayers.us/dotnet/webform1.aspx
23. I posted here to see if there was a document that I could use to apply
the IIS Lockdown tool properly without cutting off my development project
with VS.NET.

I'm not motivated to try to install the IIS Lockdown tool again until I can
get some documentation on how to configure it properly without hosing my
applications. Exchange now has to be looked at also.


