Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Help with IIS Lockdown tool

0 views
Skip to first unread message

David Freeman

unread,
Sep 26, 2001, 6:54:44 PM9/26/01
to
I have installed the IIS Lockdown tool on my server with
the most secure settings. I checked everything except my
web based email program and now it won't work and I can't
undo the lockdown because it only allows one undo. Can
anyone tell me how to get my system back the way it was
before the lockdown? I would really appreciate any help!

Chris Crowe [MVP]

unread,
Sep 27, 2001, 5:14:55 AM9/27/01
to
Are you saying that everything but your Web Based Email program works?

Did you write the Web Based Email application?, When you say it won't work -
what does that really mean? Do you get an error message from the program?,
does something get written to the event log?

This is the default of what the IIS lockdown tool does in express mode.

Maybe ASP is disabled and your web based email program uses ASP?

See this article to see exactly what the IIS lockdown tool does.
http://www.iisfaq.com/Articles/382/

Backed up metabase
Locked httpext.dll
Locked idq.dll
Removed script map: .htw, C:\WINNT\System32\webhits.dll
Removed script map: .ida, C:\WINNT\System32\idq.dll
Removed script map: .idq, C:\WINNT\System32\idq.dll
Removed script map: .asp, C:\WINNT\System32\inetsrv\asp.dll
Removed script map: .cer, C:\WINNT\System32\inetsrv\asp.dll
Removed script map: .cdx, C:\WINNT\System32\inetsrv\asp.dll
Removed script map: .asa, C:\WINNT\System32\inetsrv\asp.dll
Removed script map: .htr, C:\WINNT\System32\inetsrv\ism.dll
Removed script map: .idc, C:\WINNT\System32\inetsrv\httpodbc.dll
Removed script map: .shtm, C:\WINNT\System32\inetsrv\ssinc.dll
Removed script map: .shtml, C:\WINNT\System32\inetsrv\ssinc.dll
Removed script map: .stm, C:\WINNT\System32\inetsrv\ssinc.dll
Removed script map: .printer, C:\WINNT\System32\msw3prt.dll
Removed printer virtual dir (/LM/W3SVC/1/ROOT/Printers)
Removed samples (/LM/W3SVC/1/ROOT/IISSamples)
Removed MSADC virtual dir (/LM/W3SVC/1/ROOT/MSADC)
Removed scripts virtual dir (/LM/W3SVC/1/ROOT/Scripts)
Set Deny All ACE for anonymous web users on system utilities under C:\WINNT
Set Deny Write ACE for anonymous web users under c:\winnt\help\iishelp
Set Deny Write ACE for anonymous web users under
C:\WINNT\System32\inetsrv\iisadmin
Set Deny Write ACE for anonymous web users under C:\Program Files\Common
Files\Microsoft Shared\Web Server Extensions\40\isapi
Set Deny Write ACE for anonymous web users under c:\inetpub
Lockdown finished.
Details written to undo log (oblt-log.log). Note: modifying or erasing
oblt-log.log will prevent the tool from being able to successfully undo the
results of this lockdown.

--
Chris Crowe [MVP, MCP+I, MCSE]
www.iisfaq.com

IISFAQ.COM the unofficial IIS FAQ web Site.
1000's of links to articles, 100s of home grown articles, ADSI Scripts!!!


"David Freeman" <cp...@nls.k12.la.us> wrote in message
news:138801c146de$3bc58910$b1e62ecf@tkmsftngxa04...

0 new messages