IIS ??????? ?? ?? Exchange ?????? ??? URLscan ???????????

???:?? ???? Exchange 2000 ?? Exchange ?? ??? ?????? ?? ???????? ???? ?? ?? ?? ???? IIS ??????? ????? ??????? 1.0 5.5 ?????? Microsoft ??????? ???? ?? ?? IIS ??????? ????? ?? ?????? ??????? ??????? ????:???????? ??????? ?? ???, ???? ?? ???? ?????? ?? ????? ?? ???? ?? Microsoft ???????? ??? ?????::??????? ?????????? ???????? (IIS) ??????? ?????, IISlockD ?? URLscan, ???????? ???? ????? appropriately Exchange ?? ???? ?? ???? ????? ???? ?? ?? ??????????? ?? Exchange 2000 Server ?? Exchange Server 5.5 ???????? ??? ?? ??????? ?? ??? ?????? ??? IISlockD ?? URLscan ??????????? ?? ??? ?? ??????? ????? ????? ???:

• Microsoft Outlook Web Access (OWA)? ?? ?? ?????? OWA, ???? ??? ????, ??????? ????, ?? ?????? ???? ?? ??? ???????? ?? ???? ??? ???? ??? ??, ??? ?? Exchange 2000 server ?? ?? ??????? ?? OWA ???? ?? ??? ????? ??????? ???? ?? ?????? ??, ?? ???? ????? ?????? ????? ??? ????:
  ?? ?????? ?????? ? ?? ???
  ?? ???? ???? ????? ?????
  ??????: 878
  ??????: ???????? ???????? ?? ??? ??? ?????? ????? ??
• Exchange ?????? ??????? ?? ?? Exchange ?????? ?????? ??? ????????? ?????? ???? ?? ??????? ???? ?? ??? ????? ???? ???, ?? ???? ????? ?????? ????? ??????? ?? ???? ??:
  ???????? ?? ?????? ???? ??? ???????? ?? ???? ????, ?? ?? ???: ?????? ???? ?? ??? F5 ??????
  ???? ID: 80040e19
  Exchange ?????? ??????
• Exchange ?????? ??????? ?? ?? Exchange ?????? ?????? ??? ????????? ?????? ???? ?? ??????? ???? ?? ?????? ??, ?? ???? ????? ?????? ????? ??????? ?? ???? ??:
  ??? ?????? ????? ?????? ?? ???? ????????? ???? ???? c1030af2
• ?????? Instant ????? ??? ?? ?? Exchange ???????? ???????? ??? ???? ?? ???? ?? ?????? ??, ?? ???? ????? ?????? ????? ??????? ?? ???? ??:
  Microsoft Exchange ?????? ???? ?????? ?????? ???? ?? ??????? ???? ????? ?? ????????? ????? ????? ??? ??? ???: ?????? ?????

?? ?????? ?? ? ???? ?? ??????? IISlockD ?? URLScan ??????? ??????? ?? ??????? ??????????? ????? ?? ????? ??????? ?? ???? ????? serving ??? Exchange 2000 ????? ?? ????? ??? ?????? ???? ?? ?????? (WebDAV) ?? ???? ??????? ??????????? ?? ?????? ?????? ???? ?? ?? ???????????? ?????????? ????????? (HTTP) ???????? ????? Exchange Server 5.5 ????? ?? ????? ?????? ????? ????? (ASP) ?? ???????? ??? ?? ????? ???

?? ????? ???? ?? ???????? ????????????? ???? ?? ???? ?? ???? ?????? ???? ????? ?? ???? ?? optimally ????? ???? ?? ??? Exchange 2000 Server ?? Exchange Server 5.5 ???? ?? ??? ??????? ???? ???, ????? ???? ??????? ???? ?? ???? ?? ?? ???? ?????? ?? ???? ??? ?????? ?? ???, ???? ?? ?? URLscan INI ???????? IIS ???????? ?????? ??? ?? ???? INI ???????? ?? "DenyExtensions" ??? ?? ???, ?? ??? ???? ??? ?? ?? ???????? IIS ?? ????? ?? ??????? ?? ?????? .HTM ?? .HTML ??????? ?? ????? ??????? ??????? serving.

Exchange 2000 ????? ?? IIS ???????

Exchange 2000 ????????, ??? ??????? ????? ???? ?????? Exchange ??????? ????? ????? ?????? (IFS) ??????? ?????? (?????????? ?????? M)? To use the lockdown tool on Exchange 2000 servers:

1. Run IISlockD.exe.
2. ????? ????,Advanced Lockdown?? ????-????? ????, ?? ???? ???next.
3. TheRemove Script Mappingsdialog box is displayed:
   1. ???Disable support for Active Server Pages (.asp)check box is selected, the OWA???????????button does not function and theLog Offbutton does not function. The following Microsoft Knowledge Base article describes the process to disable the multimedia button for customers who do not have a unified messaging solution:
      288119  (http://support.microsoft.com/kb/288119/EN-US/ ) XWEB: How to Disable the Multimedia Button in OWA
      When Active Server Pages (ASP) pages are disabled, unified messaging still functions with the WAV file attachment.
   2. ???Disable support for the .HTR scripting (.htr)check box is selected, the OWA Change Password feature does not function. This OWA feature is disabled by default. The following Knowledge Base article describes the process to hide the??????? ????????? ????button in OWA:
      297121  (http://support.microsoft.com/kb/297121/EN-US/ ) XWEB: How to Hide the Change Password Button on the Outlook Web Access Options Page
4. ????? ????,next.
5. TheAdditional Lockdown Actionsdialog box is displayed:
   1. ???? ???? ?? ??? ????? ?????????? ???? ?? ?????? (WebDAV) ????? ??????? ?????.
   2. ???? ???? ?? ??? ????? ????IIS ???? ???????????? ?? ??????? ???????????? ?? ????? ?? ????? ?? ??? ???? ????????? ??? ??????? ?????. ?? excludes IIS ??????? ???????????? ?? ?? Exchange IFS ??? ?? ?? ???
6. ????? ????,next?? ????-????? ????, ?? ???? ????????????? ????????? ?? ???? ?????

???????? ??? ?? IIS ???? ?????????? ?? ??? ????? ????????? ?? ??? ???? ?? ??? ??? ?? ?????? ?????????? ??? ????? ???????? ????????? (ACE) ?? ??? ???? ???????????? ?? ???????? IIS ??????? ?????????? ?? ??? ???:

1. ??????? ???? ??????? Microsoft ??????? ????? (MMC) ?? ??????? ?????
2. ??????? ???? ?? ??? ????? ??????????? ??? ????.
3. ???????? ??????? ??????????: ?? ???
   1. ???? ??????? ?????????? ?? ??? ????, ??????? ?????????? ?? ????-????? ????, ?? ???? ??? ?? ??? ????? ???????.
   2. ????? ??????????? ????????????? ??, ??????? ?? ?? ??? ?????
   3. Start Microsoft Windows Explorer, and then locate the local path folder.
   4. ??????? ?? ????-????? ????, ?? ???? ??????.
   5. ????? ?????????????? ?? ????? ????..
   6. ????? ????,add.
   7. ?? ??? ???? ?? ??? ????? ????_Web Anonymous Users, ??_Web Applicationsaccounts, and then clickOK.
   8. ?? ??? ???? ?? ??? ????? ????_Web Anonymous Usersaccount, and then deny Full Control ACE.
   9. ?? ??? ???? ?? ??? ????? ????_Web Applicationsaccount, and then deny Full Control ACE.
4. Repeat step 3 for each virtual directory, excluding the Exchange and Exadmin virtual roots.

IIS Lockdown on Exchange Server 5.5 Computers

To use the lockdown tool on Exchange Server 5.5 computers:

1. Start IISlockD.exe.
2. ????? ????,Advanced Lockdown?? ????-????? ????, ?? ???? ???next.
3. TheRemove Script Mappingsdialog box is displayed
   1. ???? ???? ?? ??? ????? ????Disable support for Active Server Pages (.asp)??? ?????.
   2. ???Disable support for the .HTR scripting (.htr)check box is selected, the OWA Change Password feature does not function. ????? ????,next.
4. TheAdditional Lockdown Actions????? ????? ????????? ???? ???
5. ????? ????,next?? ????-????? ????, ?? ???? ??????to complete the lockdown process.

If you already ran the IIS Lockdown tool against your Exchange Server 5.5 OWA server with all of the options selected, to restore functionality:

• OWA:
  1. ??????? ???? ??????? ??????? ?????
  2. ??????? ???? ?? ??? ????? ??????????? ??? ????, right-click the Exchange virtual directory, and then click???.
  3. ????? ??????????? ????????????? ????? ????, ?? ???? ???configuration.
  4. ????? ????.ASPmapping, and then click??????. The IIS Lockdown tool updates this mapping to 404.dll. Change the mapping to asp.dll. On Microsoft Windows NT 4.0-based computers, add "PUT, DELETE" to theMethod Exclusions????? ???? On Microsoft Windows 2000-based computers, make sure that theLimit to??? ????? ????? ??, ?? ?????? ?? ??? ????? ????????? ??? "GET, HEAD, POST, ?????" ???
  5. ????? ????,OK??? ?? ??? ?????
• ??????? ????????? ????:
  1. Re-create Iisadmpwd ??????? ?????????? ?? ?? ??? ???? ??? ???Iisadmpwd ??????? ?????????? re-create ???? ???? ?? ???? ??? ???????? ??????? ?? ??? Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????:
     301428  (http://support.microsoft.com/kb/301428/EN-US/ ) ?? IIS ???????????? ??? ?? Outlook Web Access ?? ?????? ??????
  2. ????? ???????? ??? ??, ?????? ?? ".htr" ??????? ?? ??? ?? ??? ???? ???? ".Htr" ??????? ?? ??? ?????? ?? ???????????? ????:
     1. ??????? ???? ??????? ??????? ?????
     2. ????-????? ??????????? ??? ?????? ????-????? ????, ?? ???? ??????.
     3. ????? ????????? ????????????? ????? ????, ?? ???? ???configuration.
     4. ????? ????.htr??????, ?? ???? ?????????. IIS ??????? ????? 404.dll ???? ?? ??? ?? ?????? ?? ?????? ???? ??? Ism.dll ???? ?? ??? ?????? ????????? ?????
     5. ????? ????,OK??? ?? ??? ?????

Exchange 2000 ????? ?? URLscan

Exchange 2003 ?? URLscan ?? ????? ???? ?? ???? ??? ???? ??????? ?? ??? Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????:?? ?????? ??? ??????????? ??????? ?? ????? ????? ?? ??? URLscan ??:

• OWA
• Exchange ?????? ??????
• ?????? ?????
• ??? ????????

????? ????? ??? ?? URLScan.ini ????? ?? ??? DenyUrlSequences ?????? ?????, ?? ??? ?? ???? ?? ???? ?? ??? ?? ??? ????? ???? ?????? ??? ?? ????? ???? Outlook ??? ?????? (OWA) ?? ?????? ?? ??? ????? ?? ????? ?? ??? ?? ????? ?????????? URLscan ??? ????? %windir%\system32\inetsrv\urslscan ??????? ??? ?? ???????? ?? ??? ???? ??? ?????? ?? ??? ?? ??????? ???? ??????

??? ?? ?? ???? ?????? ?? ???? ??? ????? ?? ??????? ???, ?? ????????? ???? ?? ??? ????? ?? ????? ???? ?? ??? ???? ???? ?? ??? ??????????? ????? ?? ???? ???? ?? ??? ?????? ???

????? ????? ?? Urlscan.ini ???? ?????:Exchange ???????? ?? ?????? ?? ?????? Urlscan.ini ????? ??????? ?????

??? ?? ? ?? ???????? ???? ?? ?????? ???? ??? ????? URLScan ?? HTTP ??????, ???????? ?? ?? ??? ??? ?? ?????? ?? ???? ?? ??? Urlscan.log ????? ?? ???? ????? Urlscan.log ????? ?? ??????? ????? ?? ??:

OWA

OWA ?? ??? URLscan ??????????? ????? ?? ??????????? ?? (???????? ??????? ??????????? ?? ???????? ??, ??? ?? ??????? ???? ".htr" ????? ????????? ?????????? ????????? ?????? ??):

????????? ?????? ??????? ?? ??? Exchange ?????? ??????

URLscan ??????????? ????? Exchange ?????? ?????? ?? ??? ????????? ???????? ?? ??????? ??????????? ??:???:?? ??? ???? .com DENYEXTENSIONS ???? ?? ??? ?????? ??? ????? ??? ?????? (DNS) ??? ???? ??. com.

?????? ?????

???????? ???????? ?? ??? URLscan ??????????? ????? ?? ??????????? ??:

??? ??????

??? ?????? ?? ??? URLscan ??????????? ????? ?? ??????????? ??:

????? WebDAV ?????????

?? ?? ????? ???? ???? ?? ?? DAV ???????? ?? ???? ?? ??? Exchange 2000 ?????? ?????? ??? ?? ??? ?? ????? ??????????? ?? ??????? ???? ?? ???????? ??? ?? ???????? URLscan ??????????? ????? ?? AllowVerbs ??? ????? ?? ????? ?? ??? ?? ????? ?? ????? ????????? ?? ????? ???? ???

Exchange 5.5 ????? ???????? ?? URLscan

????? ????? ??? ?? URLScan.ini ????? ?? ??? DenyUrlSequences ?????? ?????, ?? ??? ?? ???? ?? ???? ?? ??? ?? ??? ????? ???? ?????? ??? ?? ????? ???? Outlook ??? ?????? (OWA) ?? ?????? ?? ??? ????? ?? ????? ?? ??? ?? ????? ?????????? URLscan ??? ????? %windir%\system32\inetsrv\urslscan ??????? ??? ?? ???????? ?? ??? ???? ??? ?????? ?? ??? ?? ??????? ???? ??????

OWA ?? ??? URLscan ??????????? ????? ?? ??????????? ?? (???????? ??????? ??????????? ?? ???????? ??, ??? ?? ??????? ???? ".htr" ????? ????????? ?? ???????? ????????? ????????):