Re: Having Security Problems with IIS

Joseph Covey ( (no email) )
Sat, 26 Jul 1997 01:12:32 -0500

To be more specific, I am using NT 4.0 Workstation at home dialing into the
Internet the same as all my customers. When I open the Internet Service
Manager in the Microsoft Peer Web Services, I can connect to the IIS on my
NT 4.0 Server at work without it asking for any logon or password and then
I can actually configure and change any settings. I seem to remember trying
this at one time but it would never connect or ask for logon. I am
concerned that anyone running NT with IIS or MS Peer Web Services can
connect to my IIS machine and change the configuration.

Where does my NT workstation get the rights or permissions to be able to
connect to the NT Server IIS though a TCP/IP connection over the Internet?
The Workstation is set not to logon to domain. It is a member of
Workgroup. When I connect to the Internet it is through a terminal server
with radius. Where am I logging on to the NT server?


Joe Covey
Netsites Internet Communications

> From: Eric Fagan <>
> To:
> Subject: Re: Having Security Problems with IIS
> Date: Saturday, July 26, 1997 12:40 AM
> > From: Joseph Covey <>
> > Subject: Having Security Problems with IIS
> >
> > Can anyone tell me why I am able to connect to my NT 4.0 Server in the
> > Internet Service Manager from my NT 4.0 Workstation that is on a
> > PPP account the same as the rest of my dial-up customers. If just
> What do you mean that you're connecting to NT "in the Internet Service
> Manager"? ISM is an exe that runs on the server controlling IIS
> Are you talking about web administration? You may have the workstation
> to logon to the domain - the account you are using is also probably the
> admin one. Using an admin account, you'll be able to access many system
> resources that a regular user can't simply becaus MSIE 3.0 will
> automatically authenticate you when you try to access them. Use Netscape
> to try to access those resources - it cannot do auto-network-
> authentication like Internet Explorer. If Netscape can see whatever
> resource you believe is protected (without asking for a password),
> can. (Netscape is always a good source to use if you want to check if
> certain pages are *really* protected).
> Eric
> ----------------------------------------------------------
> NTISP Mailing List