Re: IIS Lockdown
From: Lisa Cozzens [MSFT] (lcozzens_at_online.microsoft.com)
Date: 08/15/03
- Next message: Wei-Dong Xu [MSFT]: "RE: Problem with publishing a certificate"
- Previous message: Marcelo Coelho: "DLLHOST - 100% CPU - IISState Result"
- In reply to: Alan: "Re: IIS Lockdown"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 15 Aug 2003 00:37:59 GMT
Sure. As Jonathan pointed out, you can install URLScan separately from the
IIS Lockdown Tool. As for the lockdown features provided by the tool
itself, it doesn't do anything that you can't manually do on your own. For
example, you can easily remove well-known virtual directories (iishelp,
scripts, msadc, etc.) from IIS using the Internet Services Manager. And you
can manually map "dangerous" file extensions (.idq, .htr, .shtml, etc.) to
404.dll by extracting 404.dll from the IIS Lockdown package -- see
http://support.microsoft.com/?id=315522 for more information on how to do
this.
The following article explains the various configuration options available
in the IIS Lockdown Tool, which might help you determine which options you
want to set manually:
325864 HOW TO: Install and Use the IIS Lockdown Wizard
http://support.microsoft.com/?id=325864
Is there a particular reason why you want the functionality of the Lockdown
Tool without having to install it? If you're having problems after
installing it, reviewing the available options in the above KB article
might help you figure out which ones you should enable so that you don't
disrupt the functionality of the server.
Hope this helps,
Lisa
> Yes I need to use IIS Lockdown and URLscan
>
> >-----Original Message-----
> >Do you mean you want to use UrlScan?
> >http://microsoft.com/downloads/details.aspx?
> FamilyId=23D18937-DD7E-4613-9928-
> 7F94EF1C902A&displaylang=en
> >
> >--
> >--Jonathan Maltz [Microsoft MVP - Windows Server]
> >http://www.imbored.biz - A Windows Server 2003 visual,
> step-by-step
> >tutorial site :-)
> >Only reply by newsgroup. If I see an email I didn't ask
> for, it will be
> >deleted without reading.
> >
> >
> >"Alan" <alanp@accl.co.uk> wrote in message
> >news:037401c36241$374c00f0$a001280a@phx.gbl...
> >> Can IIS Lockdown be done without using the lockdown
> tool
> >
> >
> >.
> >
>
-----
This posting is provided "AS IS" with no warranties, and confers
no rights. You assume all risk for your use.
© 2003 Microsoft Corporation. All rights reserved.
- Next message: Wei-Dong Xu [MSFT]: "RE: Problem with publishing a certificate"
- Previous message: Marcelo Coelho: "DLLHOST - 100% CPU - IISState Result"
- In reply to: Alan: "Re: IIS Lockdown"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
