Scheduling IIS to restart each night automatically

Monday, July 28th, 2008

Going to try using a .bat file and the net commands such as

NET STOP W3SVC
NET START W3SVC

these were useful:

http://www.ss64.com/nt/net_service.html

http://dontknow-syndrome.blogspot.com/2008/01/dos-dir-cmd.html

IIS on XP increasing the number of connections - HTTP 403.9 error

Thursday, June 19th, 2008

This can be very annoying sometimes. I know it is not best to be running IIS on XP but sometimes you just have to. When running a local host you may want another member of your team to view your site or you may be running some regretional testing such as selenium test runner and you need to be able to hit the site more than just the once. Instead you just get a 403.9 error.

To alleviate this problem (not fully) you can do the following:

  • remove HTTP Keep-Alives Enabled
  • reduce the connection timeout
  • and then run this: adsutil set w3svc/MaxConnections 40 Found: c:/Inetpub\AdminScripts

http://weblogs.asp.net/cazzu/archive/2003/10/10/31476.aspx

Windows server 2003 resource kit

Monday, April 28th, 2008

http://www.microsoft.com/downloads/details.aspx?FamilyID=9D467A69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en

http://www.windowsnetworking.com/articles_tutorials/Windows-Server-2003-Resource-Kit.html

Removing .net version from http headers

Thursday, March 6th, 2008

To get rid of the X-AspNet-Version HTTP header from the response, just copy this line into the web.config’s <system.web> section:

<httpRuntime enableVersionHeader=”false” />

http://www.alphasierrapapa.com/IisDev/Articles/XAspFilter/

Normal Password protection for IIS 6

Thursday, August 30th, 2007

http://www.hostmysite.com/support/dedicated/IIS/passwordprotect/

 

The following article explains how to create a password protected section of your website. The protected section will require users to login before they can view contents of the folders. This is a three step process; the first step creates a Windows user account with limited access to the machine, the second step removes Anonymous Access to the folder, and the third step assigns the user to the folder.
To password protect a folder, please follow these steps:

  1. Login to your server through Terminal Services or Remote Desktop Connection.
  2. Create the Windows User by following the steps in How do I create a new user on my Windows 2000 & 2003 Server?
  3. Click Start, select Programs, and then click Administrative Tools.
    • For IIS 5.0 click Internet Services Manager.
    • For IIS 6.0 click Internet Information Services.
  4. In the left column you will see the Server Name.
    • In IIS 5.0, expand the Server Name to find the domain name.
    • In IIS 6.0, expand the Server Name and then Web Sites to find the domain name
    • .

  5. Right-click on the domain name and select Properties.
  6. On the Directory Security Tab under Authentication and Access Control click Edit.
  7. Uncheck Enable Anonymous Access.
  8. Choose the level of Authenticated Access:
    • Integrated Windows Authentication - encrypts the password sent to the server (we recommend this method).
    • Digest Authentication - this level works only if Active Directory is configured.
    • Basic Authentication - sends the password across the network in clear text (we do not recommend this method).
    • .Net Passport Authentication - a web authentication service.
  9. Click Ok and then click Ok a second time.
  10. Navigate to the folder on your server containing the contents of your website.
  11. Right click the folder and select Properties.
  12. On the Security tab click Add.
  13. Enter the name of the user you created and click Ok.
  14. If you wish to allow other users to login, repeat step 14 with the additional user names.

Your website is now password protected. If you prefer to password protect only a folder, rather than your entire website, you can repeat the exact steps above on the individual folder, rather than your entire website.

IIS Password Restriction

Tuesday, August 21st, 2007

http://www.troxo.com/downloads/downloadcenter/?action=step2&rfd=1&download=1

IIS 6 Hardening

Wednesday, August 8th, 2007

http://www.shebeen.com/win2003/

http://www.microsoft.com/technet/security/tools/locktool.mspx

Scheduling tasks on Windows Server 2003 using c#

Sunday, July 22nd, 2007

http://www.codeproject.com/csharp/TSNewLib.asp

Self Cert on IIS

Friday, May 18th, 2007

This is a useful page for referance on crating a cert on Windows for IIS:

http://www.iis-resources.com/modules/AMS/article.php?storyid=459

SSL is the industry standard encryption protocol used for encrypting sensitive data such as credit card information on pretty much all major ecommerce sites.

The problem is that SSL certificates can be expensive. One of the primary providers, Verisign charges up to $350 for one year. Yes, you have to renew them on a subscription basis as well

Developing a website that uses SSL technology can therefore be expensive. However there is a way to create a self-signed cert. Note that self-sign certs are useless in the real world and should not be used. It will take too long to explain here why but basically SSL certs have to be verified by an authorised provider. And unless you are a large multinational SSL cert issuing company that ain’t you.


So anyway, on to how to create your own. It was something I had to do whilst building an eccomerce site and it took me a while to figure out how to do it so I thought I’d share…

First off, this tutoral is for users running Microsofts IIS on at least Windows XP Pro. The same method will work for Windows 2000 and 2003. You will need a fully patched operating system (which you should have anyway). If you are running Apache (on any platform) this won’t work for you - it also assumes you have IIS installed and working correctly. If you don’t I suggest you read Installing Internet Information Server (IIS) on Windows XP Pro or Installing IIS 6.0 on Windows Server 2003

You need to download a little application from Microsoft called“makecert.exe
Copy it to the root of your C drive

Now, open a command prompt (Start > Run > type “cmd”)

In the command prompt navigate to the root of C (type “cd..” a few times to move up the directory structure)

Now copy this string into the command prompt:

makecert.exe -a SHA1 -ss my -sr LocalMachine -n “CN=”%ComputerName% -b 01/01/2000 -e 01/01/2050 -eku 1.3.6.1.5.5.7.3.1 -sky exchange -sp “Microsoft RSA SChannel Cryptographic Provider” -sy 12

See that variable %ComputerName%? That will be replaced by the ComputerName environment variable ¡ ie the name of your computer. You could change it to www.yourname.org and it would generate a signed cert for that domain but as I’ve said this is useless ¡ you are only generating a self-signed cert so you can use localhost with SSL

If everything goes according to plan you should see the message “successful”. Great. Now you have to install it.

To check everything has went according to plan you can use the Certificates mmc snapin to view it. To do this:

  1. start> run > mmc
  2. File > Add/Remove snap-in
  3. Select Add and select “Certificates” from the list
  4. Select “Computer Account” from the options then “Local Computer” then “Finish”
  5. Close the options panel and hit “ok”

Incidentally you can save the snap in configuration to the Administrative Tool start menu by selecting File > Save As

You should now be able to see the Certificates snap in. Expand it and select Personal > Certificates. If everything has worked properly there should be a personal certificate with the name of your computer in there. If not something has gone wrong and try the above again.

Okay, now to install your cert.

Open IIS and bring up the properties of the website you want to apply the cert to. If you are running XP Pro you will only have one site available anyway. Select the “Directory Security” tab. In the section titled “Secure Communications” select the “Server Certificate” button.

A wizard will popup. Hit “next” then “Assign an existing certificate” You should see the cert you created and viewed using the mmc console. Select it and hit “next” and you should see some info about the cert. Hit “next” again and finish.

Right that’s it ¡ your done! You have installed your certificate. Verify in the website properties that the SSL port is set to 443.

Try accessing the website through ssl ¡ https://localhost/ You will get a security alert, hit yes to proceed and you should see the site loading with the tell-tale padlock in the status bar!

IIS 6 disabled parent paths

Thursday, May 17th, 2007

If you want to run asp on IIS you may need to enable parent paths:

http://support.microsoft.com/kb/332117

Anther little problem I ran across when setting up my Virtual windows server!