Shulou(Shulou.com)06/01 Report--

How to use IIS Lockdown, many novices are not very clear about this, in order to help you solve this problem, the following small series will explain in detail for everyone, there are people who need this to learn, I hope you can gain something.

To protect IIS servers, we choose to use IIS Lockdown. IIS Lockdown is easy to use. Double-click iislockd.exe to launch the Internet Information Services Lockdown Wizard. Follow the wizard step-by-step and you'll soon be able to add a lock to your Web server.

The welcome screen appears first, click "Next" to display the End User License Agreement screen, select the I Agree option, click "Next" to enter the server template selection dialog box. Choose a template that is closest to the current server configuration, assuming that you are using the Static Web Server template.

Check the View Template Settings option and the wizard will display a series of dialog boxes about that template type. If this option is not checked, the wizard will skip these dialog boxes and proceed directly to the URLScan installation process.

Click Next to bring up the Internet Services dialog box, which is the *** page that actually configures IIS locking options. IIS Lockdown disables or removes four IIS services: HTTP, FTP, SMTP, and NNTP (Network News Transport Protocol).

How do we know which services are essential? In addition to the server template type selected above, personal experience and thorough testing are equally important.

The IIS service option in the Internet Services dialog box has three states:

(i) Enabled: option is checked and checkboxes are marked, e.g. Web services. Clearing the checkbox flag disables the service.

(ii) Enabled but recommended disabled, e.g. E-mail service: option unchecked and checkboxes unmarked in figure II. If the checkbox is left cleared, the service is disabled.

(iii) Disabled and not selectable, for example, File Transfer service in Figure 2: If an option is grayed out and its checkbox is not checked, it means that the service is not allowed to be modified, either because the service is not installed or because the currently selected server template requires the service.

If the purpose of the server does not change frequently, *** delete the unused service completely, so that no one will activate it intentionally.

Click Next and the wizard displays the Script Maps dialog box. Script mapping refers to associating specific file extensions with ISAPI (Internet Server API) execution files, and the contents of such files are interpreted by the specified ISAPI files. For example, the.asp file type maps to asp.dll.

If certain types of script files are disabled, IIS Lockdown will map the script to a special DLL that will return a "file not found" message when the user tries to run the script file. To disable a certain type of file, simply clear the checkbox for that type of file in the previous dialog.

Click "Next" to enter *** an IIS Lockdown options dialog box Additional Security, through which you can delete unwanted directories and prohibit unauthorized users from accessing the file system.

After IIS is installed, there will be many virtual directories for development and learning. These directories are not needed in the environment that officially provides services to users. IIS Lockdown will delete the virtual directories selected in the dialog box in Figure 4, but the data contained in these directories will still be intact.

Did reading the above help you? If you still want to have further understanding of related knowledge or read more related articles, please pay attention to the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.