Additional Resources for IIS 6.0 Security

Applies To: Windows Server 2003, Windows Server 2003 with SP1

These resources contain additional information and tools related to Managing a Secure IIS 6.0 Solution.

Related Information

• Analyzing Log Files for information about interpreting substatus error codes.

• Configuring Internet Sites and Services for information about configuring host header–based sites.

• Optimizing IIS 6.0 Performance for information about managing security while maintaining server performance.

• Working with the Metabase for information about metabase security.

• Microsoft Knowledge Base article 301432, How to Create a Subweb and Add Permissions for information about creating subwebs and assigning unique permissions.

• The Microsoft Internet Security & Acceleration Server Web site for information about network firewalls.

• The Microsoft .NET Passport Web site for information about .NET Passport authorization.

• MetaACL.exe Sample for information about MetaACL.vbs.

• Cryptography Essentials for information about CSP and managing installed third-party cryptographic providers.

• The RFC-Editor Web page for information about RFC 1321 and RFC 2617.

• Writing Secure Code, 2nd Edition, by Michael Howard and David LeBlanc, 2003, Redmond: Microsoft Press.

Related IIS 6.0 Operations Guide Topics

• The AspRunOnEndAnonymously Metabase Property for information about ASP OnEnd routines.

• Basic Authentication in IIS 6.0 for information about the Basic authentication method.

• Digest Authentication in IIS 6.0 for information about the Digest authentication method.

• IIS 6.0 Encryption for information about SSL encryption features.

• Global Registry Entries for information about the UserTokenTTL property.

• Securing Sites with Web Site Permissions for information about Web site permissions.

Related Windows Server 2003 Help Topics

For best results in identifying Help topics by title, in Help and Support Center, under the Search box, click Set search options. Under Help Topics, select theSearch in title only check box.

• Add a member to a local group for information about adding users to groups.

• Authorization Manager for information about Authorization Manager.

• Cacls for information about the cacls command.

• Domain and forest functionality for information about domain functional levels.

• Managing IPSec from the command line for information about Netsh commands for IPSec.

• Using Windows Automatic Updates for information about scheduled installation of security updates.

Related Tools

• The Xcacls.exe command-line tool

  See the Xcacls.exe Web site for information about Xcacls.exe, including instructions for downloading this command-line tool.