Re: VS.NET - IIS Lockdown
From: Yan-Hong Huang[MSFT] (yhhuang_at_online.microsoft.com)
Date: 03/03/04
Date: Wed, 03 Mar 2004 05:54:48 GMT
Hi Roland,
Thanks for the detailed reply. It contains quite a lot of information.
I haven't set up such a complicated environment before. From the description,
I feel the main concern here is whether IIS Lockdown tool can bring
some potential issues under this situation, right?
I just discussed it with our Tech Lead in IIS support. In theory, IIS
Lockdown is a tool for setting up some templates to secure your IIS
server against attack. It is a tool which makes this work easier for IIS
admins. Almost all of its work can also be done manually. The IIS
Lockdown Wizard just makes it easier. So generally speaking, it won't
conflict with existing services and web applications. If a web application
can't work normally after using IIS Lockdown, that means we have something
set up wrongly in the IIS server. Under this situation, we need to look at the event
log and error messages and troubleshoot it to see which part is set improperly.
So I feel you can install IIS Lockdown tool and test it. If there is
anything wrong, we could compare the setting and look into error message to
find the error part. Also, filemon and regmon tool at www.sysinternals.com
could help a lot.
Besides, I checked some KB articles, and found that Lockdown Wizard permits
you to disable certain optional features of IIS that are required for the
correct operation of other applications, such as Exchange and FrontPage. If
you do not select the correct options when you run the Lockdown Wizard, you
may break the functionality of these applications. To minimize problems,
carefully review the Microsoft Knowledge Base articles that are appropriate
to your system configuration before you run the Lockdown Wizard:
(You can visit these KB articles online by using
http://support.microsoft.com/?id=******, just replace ****** with the 6-digit
KB article number)
Exchange and Outlook Web Access (OWA):
309508 XCCC: IIS Lockdown and URLscan Configurations in an Exchange
Environment
Microsoft Mobile Information Server:
311595 XCCC: How to Install and Configure Microsoft Security Tool Kit On a
Microsoft Mobile Information Server
Microsoft Small Business Server:
311862 How to Use The IIS Lockdown Tool with Small Business Server
Microsoft Project, Project Server, and Project Web Access:
321357 PSRV2002: Error Messages When You View a Microsoft Project Web
Access Page That Contains Grids
316398 PRJ2000: Configuring the IIS Lockdown Tool and URLScan Security Tool
with Microsoft Project Central
Microsoft SharePoint Portal Server:
309675 SPS: IIS Lockdown Tool Affects SharePoint Portal Server
319633 SPS: 'Script Execution Error: Error Executing INVOKE' Error Message
After You Install IIS Lockdown Wizard
Microsoft Visual Studio .NET:
310588 PRB: Security Toolkit Breaks ASP.NET Debugging in Visual Studio .NET
315904 BUG: 'ExternalException: Cannot Execute a Program' Error Message
When You Call WebServices from .aspx Page
Microsoft FrontPage:
317390 FP2002: 'HTTP/1.1 404 Object Not Found' Error Message Occurs When a
User of Your Web Page Performs a Search
307976 FP: Error Message When You Use FrontPage with URLScan
Microsoft Proxy Server:
311675 Cannot Search Proxy Server 2.0 Online Help After the IIS Lockdown
Wizard Is Installed
For detailed message on using IIS Lock Down, please refer to:
"HOW TO: Install and Use the IIS Lockdown Wizard"
http://support.microsoft.com/?id=325864
Hope that helps.
Best regards,
Yanhong Huang
Microsoft Community Support
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.