RE: Outlook Web Access security

From: brett hill, IIS MVP (
Date: 12/28/04

Date: Tue, 28 Dec 2004 09:51:03 -0800

The baseline analyzer makes the suggestion you disable parent paths, but like
most security configurations, it is a suggestion, not a directive. OWA may
require parent paths and it sounds like it does. The lockdown tool is not
involved in this so there is no need to undo what it has done. Simply do what
you can that the baseline analyzer suggests, but do not disable parent paths
if it is required by your application. Many, many applicaitons use parent
paths so it is commonly left enabled, but would be best if it was disabled
for security reasons.