Re: Windows 2000 Server IIS 6.0

From: adam (whiteikon_at_comcast.net)
Date: 08/28/04


Date: Fri, 27 Aug 2004 20:13:02 -0400

Miha Pihler wrote:

> Hi,
>
> http://www.microsoft.com/security/bulletins/default.mspx
>
> Look under Internet Information Services (IIS)
> - Bulletins Released in 2002
> - Bulletins Released in 2002
>
> A better way to go about this would also be MBSA (Microsoft Baseline Security
> Analyzer). It's a free tool from Microsoft that can scan your network
> (domain, subnets) or specific computer. It will tell you what patches are
> missing (not only IIS patches but also OS patches) and what else you can do
> to e.g. protect your IIS (e.g. remove IISSamples, Scripts and Printers
> folder etc.)
>
> Microsoft Baseline Security Analyzer v1.2.1 (for IT Professionals)
> http://www.microsoft.com/downloads/details.aspx?FamilyID=b13ebd6b-e258-4625-b0a3-64a4879f7798&DisplayLang=en
>
> After you identify missing patches you can use this page to download them
> http://www.microsoft.com/downloads In the search window, enter the number of
> the security bulletin, e.g. MS04-16, or the update number (e.g. 839643)
>
> Mike
>
> "Tim T" <TimT@discussions.microsoft.com> wrote in message
> news:ACB4BE57-8CC7-4352-8B2E-D75F79809D9C@microsoft.com...
>
>>Ok, then where can I find Win2000 Server IIS 5.0 Patches or updates?
>>
>>"Miha Pihler" wrote:
>>
>>
>>>Hi Tim,
>>>
>>>You can't run IIS 6.0 on Windows 2000 server. IIS 6.0 can only be run on
>>>Windows 2003.
>>>
>>>On Windows 2000 you can run IIS 5.0.
>>>
>>>Mike
>>>
>>>"Tim T" <TimT@discussions.microsoft.com> wrote in message
>>>news:A56D1FAF-53EC-4692-BF96-B31EB73E423D@microsoft.com...
>>>
>>>>Where can I find any Win2000 Server patches or updates for IIS 6.0?
>>>>
>>>>Thanks,
>>>>Tim
>>>
>>>
>>>
>
>
I would also recommend using the IIS Lockdown tool, best to run it over
something first to see what applications may break on your system. Also
removing NetBIOS over TCP/IP in your network settings and altering the
urlscan configuration (urlscan installed with lockdown tool). You
should also apply the hisecweb security policy. There is also a
registry key that you should change but the MBSA will pick that up for
you, RESTRICTANONYMOUS is the DWORD and I would recommend using a value
of 2. You can also adjust the permissions of cmd.exe in your winnt
directory and disallow access from the iwam and iusr accounts.

Just note that the lockdown tool will change permissions on your web
directories, which should be set to read only anyway.
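
A check for two of the settings named in the reply above, as an added example that is not part of the original post: it reads a registry export of the Lsa key and the `cacls` output for cmd.exe, then reports whether RestrictAnonymous is 2 and whether the IUSR and IWAM accounts carry an explicit deny entry. The host name WEB01, both sample inputs and the function names are constructed for illustration, and the `:N` notation for a deny entry is an assumption about `cacls` output.

```python
import re

# Constructed inputs: a regedit export of the Lsa key (already decoded to text)
# and `cacls` output for cmd.exe on a hypothetical host named WEB01.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000
'''
SAMPLE_CACLS = r'''C:\WINNT\system32\cmd.exe BUILTIN\Users:R
                          BUILTIN\Administrators:F
                          NT AUTHORITY\SYSTEM:F
                          WEB01\IUSR_WEB01:N
'''
LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"


def restrict_anonymous(reg_text):
    """Return the RestrictAnonymous DWORD from a .reg export, or None if absent."""
    section = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section is not None and section.lower() == LSA_KEY.lower():
            m = re.match(r'"restrictanonymous"=dword:([0-9a-f]{8})$', line, re.I)
            if m:
                return int(m.group(1), 16)
    return None


def web_account_aces(cacls_text):
    """Map each IUSR_/IWAM_ account in cacls output to its permission letter."""
    return {m.group(1).upper(): m.group(2)
            for m in re.finditer(r"\\((?:IUSR|IWAM)_[^\s:]+):([A-Z])", cacls_text, re.I)}


def audit(reg_text, cacls_text, host):
    """Return findings for the RestrictAnonymous and cmd.exe settings."""
    findings = []
    value = restrict_anonymous(reg_text)
    if value != 2:
        findings.append(f"RestrictAnonymous is {value}, expected 2")
    aces = web_account_aces(cacls_text)
    for account in (f"IUSR_{host}", f"IWAM_{host}"):
        if aces.get(account.upper()) != "N":
            findings.append(f"{account} has no deny (N) entry on cmd.exe")
    return findings
```

Calling `audit(SAMPLE_REG, SAMPLE_CACLS, "WEB01")` on the constructed inputs returns two findings: the registry value is still 0, and IWAM_WEB01 has no deny entry. The check looks only at explicit entries for the two accounts, not at access they may inherit through groups.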


