Has anyone else tried the Microsoft IIS lockdown tool? I've tried it on one server that was regularly getting hit, and it seems to have stopped all vulnerabilities so far.
If you went for the default lockdown, try customising the lockdown until you get the response you want. NB You can only undo one lockdown at a time, so you have to undo before reapplying. Sorry, I can't remember the options off the top of my head.
Okay, here is what I figured out. I had to go with the UseAllowExtensions=0 to get my default page to display. The log said that since (null) wasn't set as an allowed option it wouldn't display the page. Anyone know how to add null to the list of allowed extensions? (null) doesn't work.
I also figured out that I had to allow read access to the directory through the IIS manager to view images.
Finally, if you use a programming language like Cold Fusion you need to allow scripts to run.
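The extension question above, as an added configuration sketch that is not part of any post in this thread: in URLScan's allow-list mode, a single period in `[AllowExtensions]` stands for requests that carry no extension, which is what a default-page request for `/` looks like. The extension list is an assumption for a site serving static pages, images and ColdFusion templates; adjust it to what the server actually hosts.

```ini
; urlscan.ini fragment (constructed example, not taken from the thread)

[options]
; 1 = serve only the extensions listed in [AllowExtensions]
; 0 = serve everything except the extensions listed in [DenyExtensions]
UseAllowExtensions=1

[AllowExtensions]
; A single period matches requests with no extension,
; such as a request for "/" that resolves to the default document.
.
; Static content (assumed list)
.htm
.html
.gif
.jpg
; ColdFusion templates (assumed; only needed if the site uses them)
.cfm
```

URLScan reads its configuration when the filter loads, so restart IIS after editing, then check the URLScan log for rejected requests to see which extensions still need adding.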