To enable the IIS Server to add Web Server functionality to Windows Server 2003, you must enable the following three services. The incremental IIS group policy ensures that these services are configured to start automatically.
These three services are the IIS Admin Service, the World Wide Web Publishing Service, and the http ssl Service. We have already explained these three services. Today, let's look at other security settings.
Other security settings
After Windows Server 2003 and IIS are installed, by default, IIS only transmits static Web content. When a Web site or application contains dynamic content or requires one or more additional IIS components, each additional IIS function must be enabled individually.
However, you must exercise caution in this process to minimize the attack surface of each IIS server in your environment.
If your organization's Web site only contains static content without any other IIS components, the default IIS configuration is sufficient to minimize the attack surface of the IIS server in your environment.
The security settings of the MSBP application provide a lot of enhanced security for the IIS server.
However, some other precautions and steps should be considered. These steps cannot be completed through the Group Policy, but should be manually executed on all IIS servers.