Implementing Windows Security

When implementing an IIS server, you must first ensure that the Windows server hosting the IIS service is secure. Measures you can take include the following:

  • Minimize services.

  • Define the user account for anonymous access.

  • Secure the file system.

  • Apply specific registry settings.

Note

These Windows security setting recommendations are the same whether you are hosting IIS on Windows 2000 Server or Windows Server 2003 hosts.

Minimizing Services

At a minimum, IIS server requires that you configure the following services to start automatically:

  • IISAdmin Enables administration of the Web server

  • World Wide Web Publishing Service ...

Get Microsoft® Windows® Security Resource Kit, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.