Implementing Windows Security

When implementing an IIS server, you must first ensure that the Windows server hosting the IIS service is secure. Measures you can take include the following:

  • Minimize services.

  • Define the user account for anonymous access.

  • Secure the file system.

  • Apply specific registry settings.


These Windows security setting recommendations are the same whether you are hosting IIS on Windows 2000 Server or Windows Server 2003 hosts.

Minimizing Services

At a minimum, IIS server requires that you configure the following services to start automatically:

  • IISAdmin Enables administration of the Web server

  • World Wide Web Publishing Service ...

Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.