IIS Lockdown tool

IIS Lockdown tool (Full Version)

All Forums >> [Web Development] >> Server Issues

Message

c1sissy -> IIS Lockdown tool (3/16/2003 12:20:32)
Could someone explain the IIS lockdown tool for me? I have a program called Microsoft Baseline Security Analizer, which I ran on my computer and it says that I need this. It refers to this as me being in high risk because I don' t have this. Like I said, I am below beginner on this one, so appreciate any help that comes my way.

Doug G -> RE: IIS Lockdown tool (3/16/2003 13:28:24)
This is a security tool that disables various features of IIS that may pose a security risk. If your web server is exposed to the Internet you should consider using the IIS lockdown wizard. In many cases the tool is too restrictive and disables things you need for development purposes, like asp processing & such, and you should consider what features you want off & on. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/locktool.asp

c1sissy -> RE: IIS Lockdown tool (3/16/2003 13:33:41)
Doug: Thanks again for coming to my rescue with an answer! I' ll read the information at the link that you provided before I pose any more questions that I have in regards to your answer. I need to remember to use Microsoft a bit more. I always forget about it. Though I do search these things, I never thought about MS. Have a great day! Thanks again.

Doug G -> RE: IIS Lockdown tool (3/16/2003 15:57:34)
The link above came from a google search for " iis lockdown tool" . I' d be lost without my Google toolbar :)

c1sissy -> RE: IIS Lockdown tool (3/16/2003 17:39:17)
Doug: I usually use google search, however, I didn' t use it for this subject this time. I did search for some sort of tutorials. I also have the copernic search engine, which I love. Guess I' ll do some more googling![;)]

caywind -> RE: IIS Lockdown tool (3/16/2003 17:49:35)
Please note: It is highly recommended that you back everything up, before running the tool. Also, the baseline security analyzer is probably going to report that to all installations of IIS on NT or W2K. Here' s what happened. The default installation of IIS created some other webs like admin and ???. The admin website is used to administer IIS from a web browser. It was soon realized that this pretty much left the web server (IIS) wide open. The lockdown tool was implemented to close down access to this site and address a lot of other security issues in IIS. Unfortunately, it tends to go overboard, and after it runs, nobody can get access to any sites. If possible, I would just run it on a test server first, but you may not have a " spare" server laying around....

c1sissy -> RE: IIS Lockdown tool (3/18/2003 20:08:37)
Caywind: The IIS is on my computer. No spare server! I have a windows xp pro with the IIS 5.1. Also, back up, good idea, lol, my computer wiz nephew always does this for me. Not something that I have ever done. (The one time that I tried, I lost a group of pictures somehow. Of which I am still hanging onto in the hopes that someone in the future will come up with the perfect program to replace what is missing.[:(]) quote: Also, the baseline security analyzer is probably going to report that to all installations of IIS on NT or W2K Please dont think that I' m a duh on this one, but could you please explain this a bit better? Thanks.

storm -> RE: IIS Lockdown tool (3/20/2003 6:16:38)
Looking for security guidelines...visit the NSA website. Yes, The National Secuirty Agency. All manner of good recommendations for locking down Windows boxes. http://www.nsa.gov/snac/index.html

c1sissy -> RE: IIS Lockdown tool (3/20/2003 7:02:05)
Thanks much Storm, I really appreciate this.

Page: [1]

Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.078125