Configuring IIS, cont’d
Configuring IIS, cont’d
IIS web-based administrative functionality should be disabled, or limited to secure access (via SSL, for example). Since all administration can be done from the console using the MMC interface, disabling/deleting the Administrative Web Site is usually a good idea.
Log files should be moved to somewhere other than the system partition.
FrontPage extensions should be uninstalled if not used.
Content indexing should be disabled if not used.
Unless executables specifically need to be run, only scripts should be allowed to run.
IIS configuration can be done at a general level, or to individual virtual servers. When done generally, it will apply to all virtual servers that you later create.
Home
Speakers
Maps & Hotels
Photos
CF Conf Central
Please send comments/questions to
[email protected]