IIS with DOTNET 1.1

From: Dimitrie (dimitrie.agafitei_at_verizon.net)
Date: 09/25/03

Date: Thu, 25 Sep 2003 11:26:52 -0400

I would like to install the DOTNET 1.1 FRMWRK on a production machine (IIS5
Win2k). It runs ASP and it's locked down with the IIS 2.1 LockDown Tool and
a bunch of few other tweaks. The intent is to start porting old ASP scripts
to ASPX. No web services intended.

By simply installing the framework and not running any ASPX scripts is the
machine still secure? Do I have to take any further steps to lock down the

Can anyone point me to a Securing IIS5 and .NET guide or whitepapers?
Or if you can briefly advise me on the steps it would be great.