Configure Web Server Security (IIS 7)

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

For enhanced security, IIS 7 is not installed on Windows Server® 2008 by default. When you install IIS 7, your Web server is configured to serve only static content. This includes HTML and image files.

The following list describes new security features in IIS 7 and briefly explains their benefits:

  • A new Windows built-in group named IIS_IUSRS replaces the local IIS_WPG group. A new Windows built-in account called IUSR replaces the local IUSR_MachineName anonymous account from IIS 6.0. However, the IUSR_MachineName account will continue to be used for FTP. These changes combine to offer four benefits.

    • Ability to use a custom anonymous account without disabling the IIS anonymous account.

    • Maintenance of consistent access control lists (ACLs) across several Web servers by using a common Security Identifier (SID).

    • Improvement of the DCPROMO process by making sure that the local anonymous account does not become a domain account.

    • Elimination of the need to manage passwords.

  • The IP restriction list can be configured to deny content access by a single computer, a group of computers, a domain, or all IP addresses and unlisted entries. This provides support for inheritance and merging of IP restriction rules in addition to IIS 6.0 grant/deny support.

  • Features of the UrlScan 2.5 security tool are incorporated in IIS 7. This removes the requirement to download a separate tool.

  • IIS 7 supports URL authorization in native code. For consistency, this change provides support for all the functionality of the existing ASP.NET managed code implementation.

Use the following tasks to configure security features in IIS 7:

Configuring Authentication in IIS 7

Configuring IPv4 Address and Domain Name Rules (IIS 7)

Configuring URL Authorization Rules in IIS 7

Configuring Server Certificates in IIS 7

Configuring ISAPI and CGI Restrictions in IIS 7

Configuring Secure Sockets Layer in IIS 7

Configuring Request Filters (IIS 7)

Configuring Shared Configuration (IIS 7)

Tags :


Community Content

Srdixalot097
I am having a problem with the 404. file or directory is not found
$0Please help me. I dont have a 404 file or directory. What am I suppose to do?$0$0$0Esther Fan, MSFT: Thank you for your feedback. To get a quicker response to these kinds of questions, please try the following forums:$0 IIS: <mtps:InstrumentedLink NavigateUrl="http://forums.iis.net/" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps">http://forums.iis.net</mtps:InstrumentedLink>$0$0$0
Tags : contentbug

Wan-yuan
me
<p>http://www.yiyiys.net/chn/40520/cant get to work<br /><br /> [tfl - 21 02 09] You should post questions like this to the Technet Forums at <mtps:InstrumentedLink NavigateUrl="http://forums.microsoft.com/technet" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps">http://forums.microsoft.com/technet</mtps:InstrumentedLink> or the MS Newsgroups at </p><p><mtps:InstrumentedLink NavigateUrl="http://www.microsoft.com/communities/newsgroups/en-us/" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps">http://www.microsoft.com/communities/newsgroups/en-us/</mtps:InstrumentedLink>. You are much more likely get a quick response using the forums than through the Community Content.<br /> For specific help about:<br /> Exchange : <mtps:InstrumentedLink NavigateUrl="http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.exchange%2C" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps">http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.exchange%2C</mtps:InstrumentedLink>&amp;amp;amp;<br /> SQL Server : <mtps:InstrumentedLink NavigateUrl="http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.sqlserver%2C" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps">http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.sqlserver%2C</mtps:InstrumentedLink>&amp;amp;amp;<br /> Windows : <mtps:InstrumentedLink NavigateUrl="http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.windows%2C" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps">http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.windows%2C</mtps:InstrumentedLink>&amp;amp;amp;<br /> Windows Server : <mtps:InstrumentedLink NavigateUrl="http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.windows.server%2C" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps">http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public.windows.server%2C</mtps:InstrumentedLink>&amp;amp;amp;<br /> Virtual Server : <mtps:InstrumentedLink NavigateUrl="http://groups.google.com/group/microsoft.public.virtualserver/topics?lnk" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps">http://groups.google.com/group/microsoft.public.virtualserver/topics?lnk</mtps:InstrumentedLink><br /> Full Public : <mtps:InstrumentedLink NavigateUrl="http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public%2C" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps">http://groups.google.com/groups/dir?sel=usenet%3Dmicrosoft.public%2C</mtps:InstrumentedLink>&amp;amp;amp;</p>

drmagdyabougabal
drmagdy
hi dr magdy
Tags :

Page view tracker