IIS ??????? ??????? ?? ????? ???? ?? ??????? ???? ?? ??? ???? ????

???? ?????? ???? ??????
???? ID: 325864
?? ?????? ??????? ???? ??? ?? ??? ???????????? ?? ??? Microsoft ??????? ?????????? ???????? (IIS) ??????? 6.0 ???????? Microsoft Windows Server 2003 ?? ?? ??? ??? IIS 6.0 ???????????? ??? ?????? ??????? ?????? ??? IIS ???????-?????? ?????? ?? ???? ??? ???? ??????? ?? ??? ????? Microsoft ??? ???? ?? ????:
HTTP://www.Microsoft.com/technet/Security/prodtech/IIS.mspx
??? ?? ??????? ???? | ??? ?? ??????? ????

?? ????? ??

??????

?? ??? ?? ??? ???? ????? ???? ?? ?? ??????? ?????????? ???????? (IIS) ??????? ??????? ?? ????? ?? ???? ??? ????? ?? ???????? ???? ?? ??? ???? ????? ?? ?? ???????? ?? ????? ?? ??? ?? ???????? ?? ?????? ???? ???? ?? ???? ??? ??????? ????? ???? ???

IIS ??????? ???????? ????? ?? ??? ????? ????

IIS ??????? ??????? ?? ??? ?????? ?? ??????? ???? IIS ????? ?? ???????? ???? ?? ??? IIS ?? ?? ???????? ???????? ????? ?? ???? ???? ???? ???? ?? ?? ??????? ????? ???, ?? ??????? presents ???????? ?? ??? familiarize ????? ?? ??? ??? ????? ?? ?????? ??? ????? ?? ????? ??:
  1. IIS ??????? ??????? ?? ??????? ????? ??????? ?? ??????? ???? ?? ??? ????? Microsoft ??? ???? ?? ????:
    HTTP://www.Microsoft.com/Downloads/details.aspx?displaylang=EN&FamilyID=DDE9EFC0-BB30-47EB-9A61-FD755D23CDEC
  2. ???????? ????? ????? ?? ??????? ??????? ??????? ?? ????????
  3. ?? ?? ??????? ?? ?????? ??, ?? ???? ?????? ????????? ??????? ?? ??????, ?? ?? Iislockd.chm ????? ?? ???-????? ?????
????? ??? ?? ??????? ???????? ?? ?????? ???? ?? ?? ??? ???? ???????????, ???? ?? Exchange ?? FrontPage ?? ??? ???????? ?? ??? ?????? IIS ?? ???????? ???????? ?? ????? ???? ?? ??? ??? ??? ?? ???? ??? ???????? ?? ??? ???? ?? ?? ??????? ??????? ????? ???, ?? ?? ?? ??????????? ?? ??????????? ?? ??? ?? ???? ??? ???????? ?? ???? ????, ?? ??? ????????????? ??????? ???? ?????? ???????????? ?? ??? ??????? ??? ?? Microsoft ???????? ???????????? ??????? ???????? ?????:
  • Exchange ?? Outlook Web Access (OWA):
    309508?? Exchange ?????? ??? IIS ??????? ?? URLscan ???????????
  • Microsoft ?????? ??????? ?????:
    311595??????? ?? ?? Microsoft ?????? ??????? ????? ?? Microsoft ??????? ????? ??? ?? ???????? ???? ????
  • Microsoft ???? ??????? ?????:
    311862???? ??????? ????? ?? ??? IIS ??????? ????? ?? ????? ???? ????
  • Microsoft Project, Project Server ?? Project Web Access:
    321357?????? ????? ?? ?? Microsoft Project Web Access ????? ?????? ????? ?????
    316398IIS ??????? ????? ?? URLScan ??????? ????? Microsoft Project Server ?? Microsoft Project ???? ??? ??? ???????? ?? ???????? ???? ?? ??? ???? ????
  • Microsoft SharePoint Portal ?????:
    309675IIS ??????? ????? SharePoint Portal ????? ???????? ???? ??
    319633' ???????? ?????? ?????????: ?????? INVOKE ????????? ?? ??? ?? ' IIS ??????? ??????? ?? ??????? ???? ?? ??? ?????? ?????
  • Microsoft Visual Studio .NET:
    310588PRB: ??????? ?????? ????? asp.NET Visual Studio .NET ??? ???????
    315904BUG: "ExternalException: ??? ????????? ????????? ???? ?? ????" ?????? ????? ?? ?? .aspx ????? ?? WebServices ???
  • Microsoft FrontPage:
    317390"HTTP/1.1 404 ???????? ???? ????" ?????? ????? ??? ?? ?? ???? ?????????? ?? ???? ??? ??? ?? ???? ??? ????????? ???? ??
    307976FrontPage URLScan ?? ??? ????? ???? ??? ?????? ?????
  • Microsoft ???????? ?????:
    311675???? ??? ???????? ????? 2.0 ?????? ??? IIS ??????? ???????? ?? ??????? ???? ?? ???
  • 888936SMS 2003 ????? ??????? ??????? ???? ???? ?? ????

IIS ??????? ??????? ?? ??????? ???? ?? ??????? ????

  1. ??????? ??? ???????? ????? ????? ?? ???-????? ????IIS ??????? ???????? ????? ?? ??? ????? ??????? ???????? ?? ??????? ???? ?? ??? ???
  2. ?????? ????? ?? explanatory ??? ??? ?????, ?? ???? ??? ????? ????next.
  3. ??????? ?????? ????? ?? ??????? ?????? ?? ????? ???????? ???? ????? ????-????? ????, ?? ???? ???next.
  4. ????? ???????? ?? ??? ???? ????? ?? ???? closely ?? ????? ?? ?????? ?? ??? ???? ???????? ?? ??? ????, ?? ?? ?? ??? ???? ?? ??? ????? ???????????? ?? ???????? ?????. ????? ?? ???????? ?? ?? ?????? ???? ?? ?? ????? ??? ?? ?????? ?? ???? ????? ??? ????? ????? ??, ??? ??????? ??? ?? ????? ?? ???? ??? ????? ????? ?? ???????

    ??? ????? ?? ?? ?? ???? ????? (?????? ?? ???, ?? ???????? ??? ????? ???? ???????? ????? ?? ?? ?? ??) ??, ?? ??? ???? ?? ??? ????? ???????? (????? ?? ??? ?? ???????? ????? ?? ??? ????), ?? ????????? ???? ?? ?? ????????????? ????? ????? ??????? ?? ???????? ?? ?? ??? ?????? ??????? ??????? ??? ???? ????? ?? ??? ??????? ???? ??? ?? ???? ??????? ?????? ?? ??? ???? ??, ????? ????next.
  5. ??????? ???? ????? ??, ?? ?? ????? ??? ?? ???? ????? ?? ?????? ???? ?? ??? ?????? ?? ??? ????? ??????? ????? ??? ???? ?? ???????? ??? ??? ?? ????? ?????????? ????????? (FTP) ?? ??????? ??? ?????????? ????????? (SMTP) ?????? (??????, ????? ?????????? ?? ?-??? ????) ?????? ???? ?? ???, ???? ????? ?? ???? ????? ???, ?? ?? ???????? ?? ????? ???? ?? ??? ????? ?? ???? ???? ??? ???? ?? ?? ????? ???? ??? ?? Exchange ?? ???? ??????? ????? ??? ??? ???, ?? SMTP ???? ???? ?????

    ??? ???? ?? ??? ???? ?? ?? ?? ?? ????? ?? ?? ??? ???? ?????????? ??????? ???? ?? ????? ??? ?? IIS 5.0 ?? ??????? ???????? ??? ??? ???, ?? ?? ?? ????? ?? ???? ?? ??? ???? ?? ???Unselected ?????? ???????, ?? ???? ??? ?? ???? ?? ?? ???? ???? ?????? ?? ?? ??? ???? ??? ??????? ??? ?? ???? ??????? ?????? ?? ??? ???? ??, ????? ????next.
  6. ????????? ????? ????? ?? ??? ????? ?????? ?? ????? ?????? ??? ?? ?? ????? ??? ?? ?????? ???? ?? ???, ???? ????? ?? ??? ???? ???????? ?? ???? ???? ?? ??? ????? ????? ??? ?? ??????? ???? ??? ???? ????? ???? ?? ???, ?? ?? ???? ??????? ???????????? ?? ?? ?????? ?? ??? ??? ?? ????? ??? ????????? ????? ??? ???? ???? ????? ??? ?? ??????? ????? ?????? ?????? ????? ????? (. asp), ????? ?? ????????? ???? ?? ???? ????? ???? serve ASP ????? ??? ?? ?? ?? ?? ???????? ?? ???? ???? ?? ??? ????? ???? ????? ????? ????,next.
  7. ???????? ??????? ????? ??, ?? ?? ????? ?? ??????? ????? ??? ?? ??????? ???????????? ?? ??? ????? These virtual directories are installed by default with IIS, so they are well-known targets for attackers, and you might want to remove or rename them on production computers. Removing these virtual directories from IIS does not remove the corresponding physical directories on the disk, so you do not lose any data by selecting this option.
  8. On the Additional Security page, click to select Running system utilities if you want to deny rights on executable files in the Windows directory to the Internet guest account (by default, IUSR_<computername>). This option should be selected on most systems.
  9. On the Additional Security page, click to select Writing to content directories if you want to deny Write rights to the Internet guest account on the directories that contain your Web content. Make sure that you leave this option unselected if you are using FrontPage Server Extensions on this server or if this server functions as a proxy server.
  10. On the Additional Security page, click to select Disable Web Distributed Authoring and Versioning (WebDAV) ??? ?? ????? ?? ??? ??????? ?? ?? ????? ?? ???? ???? ?? ??? WebDAV ?? ????? ???? ???? ??? Outlook ??? ?????? (OWA) Exchange 2000 ?? ??? ?? ????? ?? ?????, ????????? ???? ?? ?? ?? ?????? ?? unselected ???? ????
    ???:: ??? ?? ?? ?????? ?? ??? ????, ??????? ???????? ??? ???? ???? ?? (Httpext.dll) WebDAV ??????????? DLL ?? ?????? ???????? ???? ?? ??? ?????? ?? ????????? ????? ?? ??? WebDAV ???????? ?? ????????? ???? ?? ??? ?????? ??? ?? ?? ???? ??????????? ??????? ?? ???, Microsoft ?????? ??? ??? ???? ????? ?? ??? ????? ???? ?????? ????? ????::
    307934PUT ?? DELETE ?????? ???? ?? ??? ?? ???? ACL ?? ?????? ?? WebDAV ??????
  11. ????? ????,next.
  12. URLScan ????? ?? ??? ???? ???????? ?? ?????? ?? ??? ?? ?????? ???? ?????? ???? ?? ??? URLScan ?? ????? ???? ????? ??? ??? URLScan ?? ??????? ???? ?? ??? ?????? ?? ??? ????? ??? ??? ??????? ????? ???? ?? URLScan ?????? ?? ?????? ?????? ???? ?? ????? ???? ??, IIS ?? 404 ???? ???? ????? ?????? ?? ??? ????? ????? ?? ?? ?????? URLScan ??? ????? ??? ??? ?? ???? ??? ???????? ??? ??, ?? ????? %WINDIR%\System32\Inetsrv\Urlscan\Urlscan.log ??? ????? ???

    ???:??? ?? ???????? ??????? ????? ?? ????? WebDAV ?? ???? ???, ????? URLScan ?? ??????? ???? ?? ??? ??, ??? ?? URLScan ??????? WebDAV ?????? ???????? ??? ?? ????? ??? ?? URLScan ?? ??? WebDAV ?? ????? ???? ????? ??? Urlscan.ini ???? ??????? ???? ?????? ???
  13. ????? ?? ???????? ???? ???? ?? ??? ????? ??, ?? ?? ???? ?? ???? ??, ?? ???? ??? ?????????? ?? ??????? ????next.
  14. ??????? ??????? ???? ??????? ?? backs ?? ?? ????? ???????? ???? ??? ?? ????????? ?? ????? ???? ??, ????? ????????? ???????????? ?? ??? ???? ??????? ?? ?? ?? ???????? ??? ??? ???????? ?? ????? ???? ??? ????? ????,next???? ???? ?? ????

    ???:?? ??????? ??????? %WINDIR%\System32\Inetsrv\Oblt-rep.log ?? Notepad ??? ??? ?? ??? ???? ????
  15. ????? ????,??????IIS ??????? ??????? ?? ??? ?????
  16. ???? ????? ?? ??????????? ?? ??? ?? ???? ??? ??????? ????? ?? ??? ???? ?????????? ??? ??? ?? ????? ?? ?? ???? ???? ????? ?? ?????? ?????????? ????? ?? ?????????? ??, ?? ????? ??? ??? ??????? ??????? ??? ??? ?? ???????? ????, ?? ???? ??? ??? ?????? ?? ??? ???? ?? ??? ???????? ??? ?? ?????????????? ??????? ?? ???, Microsoft ?????? ??? ??? ???? ????? ?? ??? ????? ???? ?????? ????? ????::
    317052IIS ??????? ??????? ?????? ??? ?? ?????????? ?? ???????? ???? ?? ??? ???? ????

URLScan ???????? ????

?? ?? IIS ??????? ??????? ????? ???, URLScan ??????? ?? ???? ???? URLScan, ISAPI ?????? ?? ?? configurable ?????? ?? ??? ?? ?????? HTTP ?????? ?? ????? ??? ?????? ?? ???, ???? URLScan ??? ?????? ???? ??? ????? ??? ????????? ?? ???, (???? GET ?? POST) ??? HTTP ???????? ?? ??????? ???? ?? ???, ?? ?????? ??? ??? ????? ?? ????? ??? ????? ????? ??? ?? ???? ?? ??????? ???? ?? ??? ??????? ???? ?? ??? ???????? ?? ???? ????

URLScan ?? ???????? ???? ?? ??? %WINDIR%\System32\Inetsrv\Urlscan\Urlscan.ini ????? ?? ??????? ???? ?? ??? ???? ??? ?????? ???? ?????? ?? ????? ????? ?? ???? ?? ??????? ?????????? ??? ?? ???????? ??????????? ?????? ?? ?????? ??? ???? ?? ??. ini ????? ?? ?????? ?? ???, ?? ??? ?????? ?? IIS ???????? ?????

URLScan ?? ???????? ???? ???? ?? ???? ??? ???????? ??????? ?? ??? Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????:
312376IIS ??? ?? ?? ????????? ?? ??? ?????? ?? ?????? ???? ?? ??? URLScan ?? ???????? ???? ????
326444URLScan ????? ?? ???????? ???? ????

IIS ??????? ???????? ????? ?? ??? ???????? ?? ?????? ????

The most common problem after you run the IIS Lockdown Wizard is receiving unexpected 404 File Not Found error messages when you open the locked-down site. You may receive these error messages even for files that exist. This occurs when a client requests a file that has been blocked by the Lockdown Wizard or URLScan. In this case, for security purposes, IIS reports that the file does not exist. If a malicious user knows that a vulnerable service exists on the server but is being blocked, the user may still find a way around the block and exploit the vulnerability; however, if the user thinks that the service is not installed, the user will not try to exploit it.

If you receive a 404 error message after you run the IIS Lockdown Wizard, follow these steps to troubleshoot the problem:
  1. Verify that the file you are requesting exists on the server. ???? ??????? ?? ???, Microsoft ?????? ??? ??? ???? ????? ?? ??? ????? ???? ?????? ????? ????::
    248033 How system administrators can troubleshoot an "HTTP 404 - File not found" error message on a server that is running IIS
  2. Examine the URLScan log file to see if URLScan is blocking the requests. This file is located at %WINDIR%\System32\Inetsrv\Urlscan\UrlscanMMDDYY.log (where MMDDYY is the date for the log). If you discover that URLScan is blocking the requests, see the URLScan ???????? ???? section to set up URLScan so it permits these requests.
  3. If you are requesting a non-HTML file, such as an ASP page or a server side include-enabled file, verify the application mapping for the file type in the Internet Services Manager:
    1. ???? ??? ???? ?? ????-????? ????, ?? ???? ??????.
    2. ????? ????????? ????????????? ??,configuration.
    3. ????? ????Apps Mappings??? ?? ????? ????..
    4. Click the line that corresponds to the extension of the file that you are trying to access.
    5. ??? Executable Path is set to %WINDIR%\System32\Inetsrv\404.dll, click ??????, and then set Executable Path to the default executable path for that file extension. If you are not sure of the default, open the %WINDIR%\System32\Inetsrv\oblt-log.log file, which was created when you ran the Lockdown Wizard. Look for a line that starts with SMAP followed by the file name extension. This line also contains the default executable path for that file type.
If you have trouble with a service that depends on IIS, such as Exchange or SharePoint, see the Microsoft Knowledge Base articles that are listed in the IIS ??????? ???????? ????? ?? ??? ????? ????????

You may also find that FTP or SMTP do not work after you run the IIS Lockdown Wizard. This occurs if you either disable or remove these services. If you disabled the services, follow these steps to re-enable them:
  1. ???????? ???? ??????
  2. On Windows NT 4.0, open the ?????? applet. On Windows 2000 or Windows XP, open the Administrative Tools folder, and then open the ?????? applet.
  3. ???-????? ????FTP Publishing??,??????? ??? ?????????? ????????? (SMTP).
  4. ?? ???????????? ??????, ?? ??? ???? ?? ??? ????? ????????:.
  5. ????? ????,??????? if you want the service to start right away.
If you completely removed one or both of these services by selecting Remove unneeded services when you ran the IIS Lockdown Wizard on IIS 5.0, follow these steps to reinstall them:
  1. ???????? ???? ??????
  2. Open the Add/Remove Programs applet, and then click Windows ?? ??? ??????/??????? in the left pane.
  3. ??? ??????????? ??????? ???? (IIS)?? ????-????? ????, ?? ???? ????????.
  4. ?? ??? ???? ?? ??? ????? ????File Transfer Protocol (FTP) Service??,SMTP Service.
  5. ????? ????,OK?? ????-????? ????, ?? ???? ???next. The selected service or services will be installed. You may be prompted to insert your Windows CD-ROM.
  6. Make sure that you reapply the latest Windows service pack and any hotfixes that you have installed.
If none of these methods works, you can view the IIS Lockdown Wizard report file to see all changes that the tool made. This can help you determine what changes caused the problems that you are experiencing. This report file is saved at %WINDIR%\System32\Inetsrv\Oblt-rep.log.

For additional information about how to undo the changes that the IIS Lockdown Wizard made, click the following article number to view the article in the Microsoft Knowledge Base:
317052 How to undo changes made by the IIS Lockdown Wizard

??????

IIS ??????? ??????? ?? ???? IIS ????? ?? ???????? ???? ?? ??? ???? ???? ?? ???? ??? ???????? ??????? ?? ??? ?????? ?? Microsoft ???????? ??? ????? ?? ??? ????? ???? ???????? ?? ????? ????:
310725IIS ??? ???????? IIS ??????? ???????? ????? ?? ??? ???? ????
311350IIS ??????? ??????? ?? ??? ????? ?? ??? ??? ????? ????? ?????? ????? ?? ??? ???? ????
282060??????? ????? ?????? securing ?? ??? ??????

???

???? ID: 325864 - ????? ???????: 04 ?????? 2010 - ??????: 2.0
??????: 
kbhowtomaster kbmt KB325864 KbMthi
???? ?????? ????????
??????????: ?? ???? ?? ???? ??????? ?? ????? ?? Microsoft ????-?????? ?????????? ?????? ?????? ???? ??? ??. Microsoft ???? ??? ????-???????? ?? ????-???????? ????? ?????? ?? ???? ???????? ???? ?? ???? ????? ????? ??? ?? ??? ?????? ?? ???? ???? ???? ??? ????? ??. ???????, ????-???????? ???? ????? ???? ???? ???? ???. ?????, ????????, ?????-???? ?? ??????? ?? ???????? ?? ???? ???, ???? ?? ??? ?????? ???? ???? ??? ????? ??? ?? ???? ??. Microsoft ??????? ??? ???? ?? ?????? ?? ??????????, ????????? ?? ??? ?????? ?? ???? ????? ?? ???? ???????? ?? ??? ???? ????? ?? ??? ????????? ???? ??. Microsoft ????-?????? ?????????? ?? ????? ?????? ?? ?? ??? ??.
?????????? ?? ??????? ????????? ??????? ??:325864

??????????? ???

 
