April 30th, 2003, 11:12 AM
IISAdmin, IISHelp, and the others
I was wondering if I were to uninstall all the IIS help scripts and files, if it would influence IIS. Also, what about MSADC and webpub, can they be removed? What is their purpose?
April 30th, 2003, 03:19 PM
April 30th, 2003, 08:31 PM
Micky05's links are good sources. I'd start especially with the last link, MS' IISLockdown tool: it does most if not all of what we used to have to do by hand to secure IIS.
Concerning the help scripts, you sure can remove them. In fact it's very recommended (I think the IISLockdown tool in fact removes them). Same goes with MSADC and webpub (both of which have been compromised in the past). Good rule of thumb with IIS is to remove everything (ISAPI associations, default/help scripts...) you don't need, and if you don't know what it is, you probably don't need it.
Credit travels up, blame travels down -- The Boss
May 1st, 2003, 12:19 AM
Yup, it's ok to remove pretty much everything.
What I would normally recommend doing (on a Windows server box anyway, where you can have multiple "Web sites"), is to turn off "Default web site" completely.
I normally move "Default web site" to a high port number and turn it off. That way anything which expects it to be there can still find it there, but it won't be a security risk any more. Also moving it to a high port number should ensure that if it's accidentally re-enabled, it won't be accessible because that high port number will be blocked by your firewall, right?
Then just create another "Web site" for your real stuff.
I was highly disappointed when, a few years ago, I wrote an IIS lockdown tool, only to find a few months later that M$ had written their own to do pretty much the same thing.
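An audit of the advice in this thread, added here as an example and not written by any poster: it reports leftover IISAdmin/IISHelp/MSADC/webpub paths on every site and checks that "Default Web Site" is stopped and bound only to ports the firewall blocks. It assumes IIS 7 or later with the WebAdministration PowerShell module (newer than the IIS versions discussed above); `$exposedPorts` is an assumed list of ports your firewall lets through.

```powershell
# Added example: read-only audit, changes nothing on the server.
Import-Module WebAdministration

# Names taken from the thread; extend with anything else you do not need.
$unneeded = 'IISAdmin', 'IISHelp', 'MSADC', 'webpub'
# Assumption: ports reachable from outside through your firewall.
$exposedPorts = 80, 443

$findings = foreach ($site in Get-Website) {
    # Virtual directories and applications registered under this site.
    $children = @(Get-WebVirtualDirectory -Site $site.Name) +
                @(Get-WebApplication -Site $site.Name)
    foreach ($c in $children) {
        $leaf = ($c.path -split '/')[-1]          # "/IISHelp" -> "IISHelp"
        if ($unneeded -contains $leaf) {          # -contains is case-insensitive
            [pscustomobject]@{
                Site  = $site.Name
                Issue = "unneeded path $($c.path) -> $($c.physicalPath)"
            }
        }
    }

    if ($site.Name -ne 'Default Web Site') { continue }

    if ($site.State -eq 'Started') {
        [pscustomobject]@{ Site = $site.Name; Issue = 'site is still running' }
    }
    $bindings = Get-WebBinding -Name $site.Name |
        Where-Object { $_.protocol -match '^https?$' }
    foreach ($b in $bindings) {
        # bindingInformation is "IP:port:hostheader"; the regex also copes
        # with bracketed IPv6 addresses such as "[::1]:80:".
        if ($b.bindingInformation -match ':(\d+):[^:]*$') {
            $port = [int]$Matches[1]
            if ($exposedPorts -contains $port) {
                [pscustomobject]@{
                    Site  = $site.Name
                    Issue = "bound to firewall-exposed port $port"
                }
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No findings.' }
```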