Implementing Windows Security
When implementing an IIS server, you must first ensure that the Windows server hosting the IIS service is secure. Measures you can take include the following:
Minimize services.
Define the user account for anonymous access.
Secure the file system.
Apply specific registry settings.
Note
 | These Windows security setting recommendations are the same whether you are hosting IIS on Windows 2000 Server or Windows Server 2003 hosts. |
Minimizing Services
At a minimum, IIS server requires that you configure the following services to start automatically:
IISAdmin Enables administration of the Web server
World Wide Web Publishing Service ...
Get Microsoft® Windows® Security Resource Kit, Second Edition now with O’Reilly online learning.
O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.
