Learn IIS Lockdown logs and metadata backup files

IIS Lockdown is easy to use. To protect the security of IIS servers, let's take a look at the knowledge of IIS Lockdown. In other cases, iiswill limit the security of the webcontent directory, but the system tool such as cmd.exe should be added to prevent unauthorized users from accessing these tools in case of system security vulnerabilities.

If the check box for Running system utilities (for example, Cmd.exe, Tftp.exe) in the selected dialog box is displayed, IIS Lockdown modifies the access control attribute ACE Of All execution files under the \ % windir % directory and Its subdirectories, access Control Entry) to explicitly prohibit the operation permissions of anonymous Local Web user groups and Web user groups.

If you select the Writing to content directories check box, IIS Lockdown also enhances the security of all Web content directories, that is, it sets ACE to disable write permissions for the local anonymous Web user group and the We application group.

There is a Disable Web Distributed Authoring and VersioningWebDAV option at the bottom of the window), that is, Disable Web Distributed creation and version control. The WebDAV function is used to support remote Web content creation and management. If you do not need to use this function, you can select the Disable Web Distributed Authoring and Versioning check box.

After this option is selected, IIS lockdownsets the aceof the execution file of httpext.dllto the webdavfunction, and disables the process of installing the httpext.dllfile into inetinfo.exe, thus disabling the WebDAV function.

In the "Next" dialog box, IIS Lockdown will ask if you want to install URLScan, 5. If you want to use filters to Prevent IIS from processing URLs that may be malicious, that is, URLs that are often used by hackers to attack the system, you can use URLScan as the front door to guard IIS ).

This article does not prepare to detail URLScan, please visit http://www.microsoft.com/technet/treeview/default.asp? Url =/technet/security/tools/urlscan. asp learn more about URLScan.

Cancel the URLScan Installation option and click "Next". The IIS Lockdown displays a series of operations to be performed. Click "cancel" to discard the operation. Click "Next" to start the "Lock" Operation listed in the List. Once the lock operation starts, it cannot be stopped.

Depending on the specific modification operation, IIS Lockdown may create several log files and IIS metadata backup files in the \ % windir % \ system32 \ inetsrv directory, as shown in table 2.

Although no one requires us to ensure the security of these IIS Lockdown log files and metadata backup files, if you want to manually cancel the operations performed by IIS Lockdown, or you need to reinstall the OS, these files will be used. Therefore, it is best to copy these files to another disk or save them to another server.

Table 2: IIS Lockdown logs and metadata backup files
 

 
 

  
  
Description of. log or. md0 File
  
  
Oblt-log.log IIS Lockdown a list of operations performed to improve server security.
  
  
A brief summary of the oblt-rep.log lock process. After the lock process is completed, click View Report to View the file.
  
  
Oblt-undo.log IIS Lockdown a list of actions taken to unlock the operation.
  
  
Metaback \ A backup file for the oblt-mb.md0 IIS metadata.
  
  
Metaback \ oblt-beforeundo-mb.md0 IIS metadata backed up before IIS Lockdown Undo command recovery metadata backup.
 
 

If IIS Lockdown is run on a machine that officially provides services to users, it must be scheduled during normal shutdown and maintenance. The Web service will be closed when the IIS Lockdown starts the modification operation. Modifying the service during normal maintenance can avoid unnecessary troubles.