Security Changes in IIS 7.0
IIS 7.0 builds on the security focus established in its predecessor, IIS 6.0. As a result, the overwhelming majority of the core security principles and features established in IIS 6.0 are still in use today. However, IIS 7.0 does introduce improvements to help enhance the security of the Web server:
The anonymous user configured by default for anonymous authentication is the new built-in IUSR account. This account is built in and does not require a password that needs to be renewed and synchronized between servers. Additionally, permissions set for IUSR accounts are effective when copied to another IIS 7.0 server because the IUSR account has a well-known Security Identifier (SID) that is the same on every computer. ...
Get Internet Information Services (IIS) 7.0 Resource Kit now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.