View previous topic :: View next topic |
Author |
Message |
Brian Guest
|
Posted: Mon Dec 08, 2003 1:55 pm Post subject: PageGate, GetWeb, and IIS Lockdown |
|
|
I am currently evaluating, and about to purchase for my company, PageGate with additional dialer so that we can use SNPP protocol and a web interface.
I have been running it on my laptop, with IIS 5.0 and trying to run the IIS Lockdown utility from Microsoft because I have done the same on our production web server. However, every time I run IIS Lockdown, even with the bare minimum options using the "Dynamic Web Server" option, it prevents the Web Anonymous user from running webgate.exe to send a page. Any idea what option(s) that IIS Lockdown tool is disabling behind the scenes? Your help is greatly appreciated.
- Brian
|
|
Back to top |
|
Tech Support
Joined: 25 Aug 2003 Posts: 4354
|
Posted: Mon Dec 08, 2003 3:41 pm Post subject: PageGate, GetWeb, and IIS Lockdown |
|
|
Try this:
Go into the IIS manager.
Open up your website (Default website?)
Right-click on the 'Scripts' folder (or whatever folder you are using for the CGI)
Choose 'Properties'
On the 'Virtual Directories' tab, make sure the 'Execute Permissions' field is set to 'Scripts and Executables'
On the 'Directory Security' tab, click on the 'Edit' button in the section 'Anonymous Access ...'
Make sure the 'Anonymous Access' check box is checked.
Hopefully that will be all there is to it. |
|
Back to top |
|
Brian Guest
|
Posted: Mon Dec 08, 2003 6:52 pm Post subject: Re: PageGate, GetWeb, and IIS Lockdown |
|
|
Both of those options are already set.
I found a Microsoft support article that stated that URLScan being enabled might be the problem. I re-ran the IIS Lockdown tool with URLScan enable unchecked, but now I get the following error:
CGI Timeout
The specified CGI application exceeded the allowed time for processing. The server has deleted the process.
|
|
Back to top |
|
Tech Support
Joined: 25 Aug 2003 Posts: 4354
|
Posted: Mon Dec 08, 2003 8:23 pm Post subject: Re: PageGate, GetWeb, and IIS Lockdown |
|
|
This should work:
1. Run the IIS Lockdown Wizard
2. At the 'Select Server Template' screen choose 'Static Web Server' (other templates will probably work too).
3. At the 'Select Server Template' screen check the 'View Template Settings' box.
4. At the 'Additional Security' screen, uncheck the 'Scripts' box, and uncheck the 'Writing to content directories' box.
5. At the 'URLScan' screen uncheck the box and you are done, or leave it checked and continue to step 6.
6. Edit the urlscan.ini file found in c:\winnt\system32\inetsrv\urlscan\ folder.
7. In the [AllowVerbs] section and a new line with the word 'POST'
8. In the [DenyExtensions] section remove the '.exe' entry or add a ';' before it.
9. Save the file
10. Stop and restart the 'World Wide Publishing Service'
The above instructions is for Windows 2000 Server and the IIS Lockdown Tookit v2.1. Screens or instructions may be slightly different for other versions. |
|
Back to top |
|
Brian Guest
|
Posted: Tue Dec 09, 2003 1:45 pm Post subject: |
|
|
That appears to have fixed the issue. I will feel more comfortable after purchase, that we can keep our current intranet server locked down for the most part. Thank you for your responses!
|
|
Back to top |
|
Brian Guest
|
Posted: Wed Jan 14, 2004 4:22 pm Post subject: |
|
|
We have made our purchase now, and I have the software registered. In working with security for a webpage generated from the guilist.htm, I inadvertently reset security for the scripts directory that was running webgate.exe. I get CGI timeout issues again. What settings should I have for IIS security and NTFS security for the "scripts" virtual directory? This is one I created, rather than the default scripts directory since IIS Lockdown tool removed it.
Thanks again for your help.
|
|
Back to top |
|
Tech Support
Joined: 25 Aug 2003 Posts: 4354
|
Posted: Wed Jan 14, 2004 4:51 pm Post subject: PageGate, GetWeb, and IIS Lockdown |
|
|
In the IIS manager, right-click on the 'Scripts' virtual directory and choose 'Properties'. On the 'Virtual Directory' tab, make sure you have 'Execute Permissions' set to 'Scripts and Executables'. On the 'Directory Security' tab, hit the 'Edit' button next to 'Anonymous access and authentication control'. Make sure 'Anonymous access' is checked on the next screen. |
|
Back to top |
|
Brian Guest
|
Posted: Wed Jan 14, 2004 5:16 pm Post subject: |
|
|
Those settings are correct. It appears that the .msg files are not even being written to the script directory. Any other ides? Thanks.
|
|
Back to top |
|
Tech Support
Joined: 25 Aug 2003 Posts: 4354
|
Posted: Thu Jan 15, 2004 11:15 am Post subject: PageGate, GetWeb, and IIS Lockdown |
|
|
Try this to help narrow down the problem.
Give everyone full rights to the scripts folder at the file system (NTFS) level.
Test it.
If it works, then back the rights back down. |
|
Back to top |
|
Brian Guest
|
Posted: Thu Jan 15, 2004 11:18 am Post subject: |
|
|
That did take care of it. But, rather than using the scripts folder that I created, I changed the path to the default scripts folder which IIS Lockdown eliminates. It is now working. Thanks!
|
|
Back to top |
|
|