Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Running the IIS Lockdown Tool and UrlScan

Updated: August 22, 2005

Applies To: Windows Server 2003, Windows Server 2003 with SP1

The IIS Lockdown Tool and UrlScan are IIS security related programs designed for IIS 5.1 and earlier. Each tool provides different types of protection for earlier versions of IIS. The IIS migration process does not install the IIS Lockdown Tool and UrlScan on the target server.

The IIS Lockdown Tool is provided to assist administrators in configuring optimal security settings for existing IIS servers. You cannot install the IIS Lockdown Tool after migration because all of the default configuration settings in IIS 6.0 meet or exceed the security configuration settings made by the IIS Lockdown Tool.

UrlScan is a tool that is provided to reduce the attack surface of Web servers running earlier versions of IIS. By default, IIS 6.0 has features that significantly improve security by reducing the attack surface of the Web server. UrlScan provides flexible configuration for advanced administrators, while maintaining the improved security in IIS 6.0. When you need this flexibility in configuring your Web server, you can run UrlScan on IIS 6.0.

For more information about determining whether to run UrlScan after migrating your server to IIS 6.0, and to download the latest version of the URLScan tool, see the Knowledge Base article 307608, Using UrlScan on IIS.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.