How to create a custom server type for use with the IIS Lockdown Wizard

This article was previously published under Q311350
This article has been archived. It is offered "as is" and will no longer be updated.
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:For more information about IIS 7.0, visit the following Microsoft Web site: All the default security-related configuration settings in IIS 6.0 meet or exceed the security configuration settings that are made by the IIS Lockdown Tool. Therefore, you do not have to run this tool on Web servers that are running IIS 6.0. However, if you are upgrading from an earlier version of IIS, you should run the IIS Lockdown Tool before the upgrade to enhance the security of the Web server.
Summary
This step-by-step article describes how to create a custom server type for use with the Internet Information Services (IIS) Lockdown Wizard.

back to the top

Description of the Technique

The latest version of the IIS Lockdown Wizard provides administrators with the ability to create custom server type templates.

In the Iislockd.ini file, administrators can create custom server type templates for use with the IIS Lockdown Wizard. A custom server type template appears in the Lockdown Wizard as a configurable server type and can also be used when you run Iislockd.exe unattended.

back to the top

Create the Custom Server Type Template

  1. In the [Info] section of the Iislockd.ini file, add the name of the custom server type to the list for the appropriate variable (either ServerTypesNT4 or ServerTypes). In this example, MyCustomServerType is used.
  2. As a guide for the new custom server type template, copy the [sbs4.5] template and paste the text at the bottom of the file.
  3. Change [sbs4.5] in the copied text to reflect the custom server type name that you entered in step 1. For this example, the text is [MyCustomServerType].
  4. Change the label value to something meaningful for the custom server type.
  5. Configure the feature settings of the server template to TRUE or FALSE.
  6. If you install URLScan, change the UrlScan_IniFileLocation value to point to a custom URLScan .ini file that is used for this custom server type. You can also use a Urlscan.ini file from another server type.
  7. Save the Iislockd.ini file.
After you perform these steps, Iislockd.exe can be run in the GUI mode, and the custom server type appears in the available server types list. You can also use this new custom server type to run the IIS Lockdown Wizard unattended.

After you create the custom server type template, the Iislockd.ini file may resemble the following:
[Info]ServerTypesNT4=sbs4.5, exchange5.5, frontpage, proxy, staticweb, dynamicweb , other, iis_uninstalledServerTypes=MyCustomServerType, sbs2000, exchange5.5, exchange2k, sharepoint_portal, frontpage, biztalk, commerce, proxy, _staticweb, dynamicweb, other, iis_uninstalledUnattendedServerType=MyCustomServerTypeUnattended=TRUEUndo=FALSE[MyCustomServerType]label="My Custom Server Type Template"Enable_iis_http=TRUEEnable_iis_ftp= TRUEEnable_iis_smtp= FALSEEnable_iis_nntp= FALSEEnable_asp= TRUEEnable_index_server_web_interface= FALSEEnable_server_side_includes= FALSEEnable_internet_data_connector= FALSEEnable_internet_printing= FALSEEnable_HTR_scripting= FALSEEnable_webDAV= FALSEDisable_Anonymous_user_system_utility_execute_rights= TRUEDisable_Anonymous_user_content_directory_write_rights= TRUERemove_iissamples_virtual_directory=TRUERemove_scripts_directory=TRUERemove_MSADC_virtual_directory=TRUERemove_iisadmin_virtual_directory=TRUE	Remove_iishelp_virtual_directory=TRUEUrlScan_Install=DISABLEDUrlScan_IniFileLocation=AdvancedSetup =UninstallServices=TRUE				
back to the top


References
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
310725 How to run the IIS Lockdown Wizard unattended in IIS
back to the top





Properties

Article ID: 311350 - Last Review: 10/26/2013 10:43:00 - Revision: 6.0

  • kbnosurvey kbarchive kbhowtomaster KB311350
Feedback