IIS Lockdown Wizard version 2.1 works by turning off unnecessary features, thus reducing attack surface available to attackers 1

So begins the page where one can download the IIS Lockdown tool from Microsoft. IIS Lockdown is a very simple tool to use in securing IIS. It allows the average Microsoft administrator to limit what is available through IIS.

One of the goals of this tool is to limit what IIS is doing to prevent hackers from breaching your web server. However, running this tool alone does not solve all of your problems; you will need more protection than a simple wizard.

A wizard in fact is all the tool is. The current version of the wizard is 2.1 and works with version 5.x and 6.x of the server product. IIS Lockdown assigns "roles" to the server for the major IIS-dependent products Microsoft produces, such as BizTalk Server, Exchange and Microsoft SharePoint Portal Server.

Part of the wizard includes URLscan, which further locks down the server without requiring an administrator to launch another program. It also matches the assigned role with the correct changes that need to be made.

Perhaps the biggest benefit of IIS Lockdown is the ability to script the configuration for an unattended installation or for setting up multiple IIS servers at one time.

On a side note, and more personal: be careful. If you don't know what you are doing, you can really mess up your web server. Read any and all documentation.

