Re: IIS Lock Down Tool

From: Chris Adams (chriad-msft_at_microsoft.com)
Date: 06/28/03 

Date: Sat, 28 Jun 2003 14:48:59 -0700

Hey ~

I have to plead ignorance and say that I don't typically remove either the
lockdown or urlscan once I have applied it...

With that said, I preface this - the metaback was designed for this type of
role;
    a). Install lockdown to Orginal config
        1a). Backup original in case of disaster
        2a). Lock down according to selections (template, etc.)
    b). Uninstall Lockdown
        1b). Verify that good backup of original exists in metaback
        2b). Uninstall lockdown
        3b). Restore "original metabase"

Hence, it wasn't designed to serve as a backup of every action. I can't say
that I am 100 percent confident in this answer, but in short, I think you
may be looking @ needing to restore your metabase from a backup to close
that gap of changes that occurred in that year or so...

NOTE: I BOLD THIS FOR THOSE WHO DO NOT KNOW, URLSCAN IS DIVORCED FROM THE
LOCKDOWN TOOL. THEY ARE STILL RECOMMENDED ON ALL IIS SERVERS PRIOR TO IIS
6.0. HOWEVER, THEY ARE SEPARATE DOWNLOADS.

URLScan only:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/urlscan.asp

LockDown Tool:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/locktool.asp

Thanks, 

-- 
~Chris (MSFT)
IIS Supportability Lead
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2001 Microsoft Corporation. All rights
reserved.
"Sarah" <effutiation@yahoo.com> wrote in message
news:0acf01c33cf3$905cdbb0$a001280a@phx.gbl...
> Hi...
>
> The IIS LockDown Tool was apparently first initiated on a
> particular server some time in Nov 2002.  The URLScan was
> removed beginning of June 2003.  To re-install the
> URLScan, the IIS lockdown tool was reinitiated and we were
> then prompted to reapply original configuration.  This has
> reset the IIS metabase and changes made to IIS between
> Nov2002 and June 2003 were removed.  The lockdown tool
> creates a backup of the metabase and places it in
> the 'metaback' folder.  My question...How would one go
> about restoring the metabase from that back up file
> created by the lock down tool...  (oblt-beforeundo-mb.MDO)
>
> Any advise would be MUCH appreciated...
>
> Thanks...

Relevant Pages

  • Re: Problems with IIS Lockdown Tool
    ... I run IIS lockdown on few hundreds box. ... > Lockdown tool does not restore removed services. ... >>warned me that it would uninstall the settings ...
    (microsoft.public.inetserver.iis.security)
  • Re: OWA Forbidden popup
    ... I had applied the URLScan and lockdown months ago. ... Exchange 2003 Service Pack1. ... >same IIS server running OWA 2003. ...
    (microsoft.public.exchange.admin)
  • Re: OWA unable to open attachments
    ... lockdown or urlscan. ... SUS is not install on this server. ... >Did you install IIS Lockdown tool? ... >> the Outlook client just not OWA. ...
    (microsoft.public.exchange.setup)
  • Re: Adding Attachment in OWA crashes server
    ... downloaded or lockdown the ISS on my server. ... >> URLscan file, which I could not find on my system. ... remember installing ...
    (microsoft.public.exchange2000.admin)
  • Re: iis lockdown
    ... urlscan, you can always check the urlscanxxxxxxx.log ... check IIS MMC - application mapping for asp. ... > I had a software package load on a server and it had the> lockdown tool in it. ... It completely reconfigured my iis> server so that my web site with asp is not working and my> email services are down. ...
    (microsoft.public.inetserver.iis.security)