Re: Running The IISLockDown "SMS" Tool On SMS 2003 Server After Installation

From: TerryM (nospam_at_hotmail.com)
Date: 05/18/04


Date: Mon, 17 May 2004 21:45:12 -0400

Here are the comments I found in an SMS guide:
      Important

If you use the Microsoft IIS Lockdown tool (Iislockd.exe) to increase
security protection, be sure to apply it to IIS-enabled SMS site system
computers (by using the SMS 2003-specific template) before you enable the
computer as an SMS site system. If you use the IIS Lockdown tool after you
create the site system, your site IIS-dependent site system will not
function properly. For more information about the IIS Lockdown tool, see
your IIS documentation.

      Upgrading a computer that is running IIS to Windows Server 2003
requires that IIS be locked down by using the IIS Lockdown tool. If you have
an SMS reporting point on a computer running a Windows 2000 Server family
operating system, and you do not run the IIS Lockdown tool before you
upgrade that server to Windows Server 2003, your reporting point will not be
operable after the operating system upgrade. To reinstate reporting
functionality, you must enable IIS after the upgrade by invoking Internet
Information Services (IIS) Manager in Administrative Tools. For more
information, see your Windows Server 2003 documentation.

      To use BITS, the site system must have IIS installed and enabled. If
you use the Microsoft IIS Lockdown Tool (Iislockd.exe) to increase security
protection on a computer running IIS, be sure to apply it to the computer
(using the SMS 2003-specific template) before enabling the computer as an
SMS site system. This only applies to SMS site systems that require IIS
components.

I have never tried doing this afterwards but maybe somewhere in the above
info you will find some ideas.
Terry

"MarkW" <m.williams@hefce.ac.uk> wrote in message
news:4A22D15D-738C-4EF1-A604-F24016211293@microsoft.com...
> I was wondering whether anyone could help. I've installed SMS 2003 in our
> "mixed" Windows 2000 AD environment. We have all the site system roles e.g.
> Site Server, Reporting Server, Management Point etc. based on "one"
> central server (we have about 250 clients and thought that the server would
> be up to the job of doing all the roles - so far this seems justified).
>
> The SMS site is up and running and we have about 20 clients installed with
> the Advanced Client so far. I now want to tighten up the security on the
> site server itself. One thing I've heard mentioned is the security of IIS.
> We use IIS on other machines in our organisation (Intranet) and colleagues
> have run the IIS Lockdown tool on these as well as the URLScan program.
>
> Looking through the SMS 2003 documentation, I understand that you should
> run the IIS Lockdown tool on the site server and use the "SMS 2003 Lockdown
> Tool Template" which you should use from the SMS 2003 Toolkit 1. However,
> I've since discovered that this was meant to have been run before the SMS
> 2003 Site Server installation? Does anyone know whether this can be run
> after installation at all? I don't want to have to remove SMS 2003 and
> then re-install if I can help it.
>
> Thanks
>
> Mark


