Re: Having Security Problems with IIS

Eric Fagan ( (no email) )
Fri, 25 Jul 1997 23:40:32 -0600

> From: Joseph Covey <>
> Subject: Having Security Problems with IIS
> Can anyone tell me why I am able to connect to my NT 4.0 Server in the
> Internet Service Manager from my NT 4.0 Workstation that is on a dial-up
> PPP account the same as the rest of my dial-up customers. If just anyone

What do you mean that you're connecting to NT "in the Internet Service
Manager"? ISM is an exe that runs on the server controlling IIS services.
Are you talking about web administration? You may have the workstation set
to logon to the domain - the account you are using is also probably the
admin one. Using an admin account, you'll be able to access many system
resources that a regular user can't simply becaus MSIE 3.0 will
automatically authenticate you when you try to access them. Use Netscape
to try to access those resources - it cannot do auto-network-
authentication like Internet Explorer. If Netscape can see whatever
resource you believe is protected (without asking for a password), everyone
can. (Netscape is always a good source to use if you want to check if
certain pages are *really* protected).