Re: How to get IIS5 functional again
From: David Dickinson [MVP] (eis@no-spam.softhome.net)
Date: 05/31/02
- Next message: Jo: "decode log"
- Previous message: Steve Armstrong: "Microsoft Security Bulletin MS02-023 and IFRAMES"
- In reply to: Michel Gallant: "How to get IIS5 functional again"
- Next in thread: Michel Gallant: "Re: How to get IIS5 functional again"
- Reply: Michel Gallant: "Re: How to get IIS5 functional again"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "David Dickinson [MVP]" <eis@no-spam.softhome.net> Date: Fri, 31 May 2002 00:46:41 -0600
Michel Gallant wrote:
> Not sure how this happened, but I think it is associated with
> applying IIS Lockdown tool (with URLScan) some time ago.
>
> Running IIS5 (with all up-to-date patches), I can't get any of the
> admin. or samples virtual directories to work at all (IISSamples,
> IISHelp etc.) which I gather all use ASP.
> The Default Web Site root is OK.
> Also when I installed .net Framework SDK a few months ago, I could get
> the QuickStart (asp.net powered) local samples working, but again
> this now doesn't work (with a "Server Application Unavailable" error).
>
> Any ideas on how to recover some of this functionality? I know that
> IIS lockdown has done a lot of things, but I really would like to
> recover some of the basic IIS5 capability with ASP and ASP.net.
If this is a production server then you certainly /do not/ want the admin or
sample scripts on the server. IISLockdown correctly removes them unless you
tell it not to do so when you run it.
However, if the machine is a development server which is not accessible from
Internet, then you can re-run IIS Lockdown and it will, in effect, uninstall
itself /if you have not reinstalled IIS/ (if you have problems then
uninstall IIS, reinstall IIS, and run IIS Lockdown -- but you'll have to
re-do all of your manual configurations). You can then run IIS Lockdown a
third time and customize it with the settings you want. Note that even if
the machine is a development server and does not face Internet, it still is
wise to configure it with IIS Lockdown: you never know what some ugly bug
that gets loose on your local network might do.
If the machine is a production server and you want the scripts, move them
someplace other than their default locations -- and I mean click and drag
them to some folder not in your path and not under inetpub and that you've
created just for them. Otherwise a hacker may find a way to access them.
IIS Lockdown Tool
http://www.microsoft.com/windows2000/downloads/recommended/iislockdown/defau
lt.asp
URLScan Security Tool
http://www.microsoft.com/TechNet/security/tools/tools/URLSCAN.asp
Make Your Windows Servers Secure
http://www.microsoft.com/techNet/security/tools/chklist/wsrvsec.asp
-- David Dickinson, MVP (Security) EveningStar Information Services Las Cruces, NM USA Summary of Microsoft Security Bulletins http://www.zianet.com/bwd/securitybulletins.asp
- Next message: Jo: "decode log"
- Previous message: Steve Armstrong: "Microsoft Security Bulletin MS02-023 and IFRAMES"
- In reply to: Michel Gallant: "How to get IIS5 functional again"
- Next in thread: Michel Gallant: "Re: How to get IIS5 functional again"
- Reply: Michel Gallant: "Re: How to get IIS5 functional again"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
