RE: What I would like the MS IIS Lockdown tool todo

From: McCammon, Keith (Keith.McCammon@eadvancemed.com)
Date: 08/28/01


Message-ID: <BB7FD4FF9E440648A731452E5D341FB0654497@hitsexchange01.advance-med.com>
From: "McCammon, Keith" <Keith.McCammon@eadvancemed.com>
To: 'Ian Macdonald' <secmail@dirk.demon.co.uk>, 'Focus-MS' <focus-ms@securityfocus.com>
Subject: RE: What I would like the MS IIS Lockdown tool todo
Date: Tue, 28 Aug 2001 12:57:11 -0400


---------------------------
1) First I would like a good document describing what it is supposed to
do and how this tool does it.
---------------------------

It looks like the .chm is as good as it gets.

---------------------------
2) I would like to be able to run it from the command line.

3) Logging to a text file, explaining what files have been deleted, what
registry settings have been changed, and what metabase settings have been
changed
---------------------------

You can start it from a command-line, but it doesn't appear to behave any
differently. It just runs its course as always.

---------------------------
"The source code??"
---------------------------

That's funny. I'll just leave that one alone...

---------------------------
I was really hoping that this tool would allow me to remove unneed script
mappings from all websites and virtual directory. It is easy to remove the
script mappings using something like

cscript c:\winnt\system32\inetsrv\adminsamples\adsutil.vbs set
/w3svc/scriptmaps ".asa,C:\WINNT\System32\inetsrv\asp.dll,1,PUT,DELETE"
".asp,C:\WINNT\System32\inetsrv\asp.dll,1,PUT,DELETE"
---------------------------

I think that the hisecweb security template should knock this out.

Overall, I was pretty disappointed with the tool as well. So I do feel your
pain. The more tools they put out, the more I realize that if you want it
done right... (you know the rest).



Relevant Pages

  • Re: configuring FTP Server in wince device.
    ... It's all in the registry settings - the MSDN page covers it. ... From the command line on thedevicerun the following: ... dragging the catalog item and i am sure that ftpd.dll is included in ...
    (microsoft.public.windowsce.embedded)
  • Re: Is it possible to enable volume shadow copy with vssadmin ?
    ... i wounder if it's possible to only enable volume shadow copy, ... command line? ... that if you figure out the Registry settings you can do it from a script ... If you don't know the settings needed, use a RegWatch type utility to ...
    (microsoft.public.windows.server.general)
  • Re: Update Windows Registry w/Access
    ... >The shell command in Access will not recognize the ... >path command - neither will it recognize the set command in a dos shell. ... doesn't affect the registry settings. ...
    (microsoft.public.access.modulesdaovba)