
Browse by Tags

All Tags » Security   (RSS)
In this part we extend, slightly, upon the previous scenario, by adding delegation. Now we need to allow IIS, in our resource Forest (or domain) to delegate the end user’s credentials, to a backend service (SQL Server in this case): The machines ...
Note: I have created a list of all the IIS and Kerberos parts. I'm finally getting around to writing this section on IIS and Kerberos. This initial post will cover the basics of a cross-Forest Kerberos authentication scenario. In the next few posts ...
Hi all, There are two security patches out this month for IIS. The first (MS08-005) affects Windows XP x86 (IIS 5.1), Windows XP x64 (IIS 6.0), Windows Server 2003 (IIS 6.0) and Vista RTM (IIS 7.0). Vista SP1 and Windows Server 2008 are not affected. ...
Having just deployed a test Operations Manager 2007 server at home, I wanted to publish the Web Console site externally, so I wouldn't have to continually TS into my box at home, and use the regular console. My only problem is that I have a single ...
Protocol Transition is a new feature in Windows Server 2003. The Kerberos implementation in Windows Active Directory domains provides the robustness of Kerberos whilst also obviating a number of the technical issues with non-Windows Kerberos implementations ...
I was asked recently by a colleague if a website defined in IIS could have multiple SSL certificates installed, so that the website would answer requests for https://www.abc.com as well as https://www.def.com without generating an error in the user's ...
Unfortunately if you have a new Vista PC, and you try to use the web enrollment pages (certsrv) hosted on a Windows Server 2000 Certificate Authority (CA) or a Windows Server 2003 CA, you won't be able to enrol for a certificate (indeed if you're ...
Delegation is a feature of Kerberos authentication that allows a server to obtain a Kerberos ticket on behalf of an end user without ever having access to the end user's password. This functionality allows Kerberos to solve typical "double-hop" ...
In Part 3 of this series we look at setting up Kerberos Authentication in the simplest possible scenario. If you missed Parts 1 (What is Kerberos and how does it work) and 2 (Service Principal Names) they may be worth reading first. In this scenario, ...
Apologies for the delay in posting Part 2 - I've been on holidays so it's been a bit hard finding the time to write these posts. In this part we cover Service Principal Names (SPNs). In a previous post we covered the basics of Kerberos authentication. ...
Edit: I've created a list of all the parts in this series here, which will be updated as I add more parts. Configuring Kerberos and Delegation is one of the more common problems I see in the communities and even within Avanade. Since Kerberos isn't ...
A little discussed feature in Windows Vista is Mandatory Integrity Control (MIC). Unlike DACL (Discretionary Access Control Lists), MIC is designed to protect your operating system based on the trustworthiness of the code being run. High integrity files ...
Well it seems Mitch is talking about user-centric identity again. :-) I'd like to say that users should be in control of their identity. And identity exchange systems that make it easier, better and more secure for users to interact with computer ...
What else has changed with services in Vista? The user contexts that services run under have changed dramatically in Windows Vista. Instead of running as LocalSystem, many services now run as lower privileged Network Service or Local Service for most of ...
Microsoft ISA Server 2006 has been released. Internally within Avanade we have been using ISA Server 2006 (aka Wolverine) for around six months to publish our internal Early Adopter environment (Exchange 2007, Sharepoint 2007 etc) where we test Microsoft ...