RE: Default App Pools and Security Settings for Default Website

Brandy - Great information - thank you. I was actually looking for what App
Pool should be assigned to what subsite within the Default IIS Website in
SBS. Meaning Default Web/Exchange runs under DefaultAppPool and should be
set for Annon access with Scripts Only enabled.

Somehow it appears these settings where changed in IIS and I'm trying to
confirm the setup.

""Brandy Nee [MSFT]"" wrote:

> Hello,
>
> Thank you for posting to the SBS Newsgroup.
>
> From your description, I understand that you want to know DefaultAppPool,
> Default Web Site and its subsites settings in IIS 6.0. If I have
> misunderstood your concern, please let me know.
>
> Please see my information below:
>
> On SBS 2003, the DefaultAppPool, the ExchangeMobileBrowseApplicationPool
> and the StsAdminAppPool run under the well known account Network Service,
> while the ExchangeApplicationPool and the MSSahrePointAppPool run under
> Local System. Both accounts should have this right by default.
>
> DefaultAppPool Settings:
>
> a) On the server, expand to Server Management\Advanced Management\Internet
> Information Services\Yourserver(local computer)\Application
> Pools\DefaultAppPool.
>
> b) Right click DefaultAppPool, Properties.
>
> c) Recycling tab, check the box Recycle worker processes at the following
> times, and input the time.
>
> d) Performance tab, check the boxes in the Idle time and Request queue
> limit.
>
> e) Health tab, check the boxes Enable pinging and Enable rapid-fail
> protection.
>
> f) Identity tab, enable Predefined and select Network Service.
>
> g) Click OK.
>
> Default Web Site Settings:
>
> a) On the server, expand to Server Management\Advanced Management\Internet
> Information Services\Yourserver(local computer)\Web Sites\Default Web Site.
>
> b) Right click Default Web Site, go to Properties, Web Site tab.
>
> c) TCP Port 80, SSL Port 443.
>
> d) Checked both of the boxes Enable HTTP Keep-Alives, and Enable logging.
> The Active log format is W3C Extended Log File Format.
>
> e) Directory Security tab. click the first Edit button, the default setting
> should be:
>
> Enable anonymous access" - By default, the "Enable anonymous access" should
> be checked and I do not recommend you to disable it.
> "Integrated Windows authentication"
>
> After you change back all the default settings, run "iisreset" (without
> quotation marks).
>
> Hope this information helps. If anything unclear or you have any concerns,
> please let me know. I am looking forward to hearing from you.
>
> Best regards,
>
> Brandy Nee
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
.