Making Security-Related Configuration Changes

Applies To: Windows Server 2003, Windows Server 2003 with SP1

After upgrading your server to IIS 6.0, you can make additional security-related configuration changes on the Web server. If you ran the IIS Lockdown Tool before upgrading the Web server, most of these changes are already in place. The IIS Lockdown Tool removes unnecessary IIS components, including virtual directories, to reduce the attack surface available to malicious users. Otherwise, make these security-related configuration changes to help reduce the attack surface and increase the security of the Web server.

Make the security-related configuration changes by completing the following steps:

1. Enable essential IIS components and services.

2. Remove unnecessary IIS virtual directories.

3. Configure the anonymous user identity.