Q

How does one protect the server while allowing visitors on the website?

I am running IIS 5 on a Win2k server. I have a Web site (using the default Web site.) I can't figure out how to secure the server while still allowing anonymous connections to the site. I installed the latest service pack (2) and ran the MS personal security advisor, which identified several hotfixes I should install. When I did so, the Internet user account was locked out and visitors to my site were prompted to enter a password. Obviously, that isn't going to work. The lockdown program failed to complete installation and uninstalled itself. How does one protect the server while allowing visitors on the Web site?

That's a question that deserves a very long answer. Rather than trying to write pages and pages in response, I'll refer you to Microsoft's Web site:

http://www.microsoft.com/technet/security/

In general, follow these best practices:
1) Install all service packs
2) Install all hotfixes that may apply to your site
3) Install URLScan (once you understand how it works): http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32571
4) Restrict NTFS file permissions
5) Remove any unwanted application mappings

Regarding troubleshooting the problem you're having with authentication, first verify that anonymous authentication is enabled. To do this, check the Security tab of your Website's properties. If that's enabled, verify that the anonymous IIS user is enabled and has Read access to the files your users are attempting to access.

Good luck.

This was first published in October 2001
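
The authentication checks described in the answer can also be run from a command prompt on the server. The batch file below is an added example, not part of the original answer. It assumes the default Web site (metabase site ID 1), the default `Inetpub\AdminScripts` and `Inetpub\wwwroot` locations, and the default anonymous account name `IUSR_<computername>`; adjust the variables if the server differs.

```batch
@echo off
rem Added example: read-only checks for the items the answer says to verify.
rem Assumed values (change to match the server):
rem   ADSUTIL - default location of the IIS admin script adsutil.vbs
rem   SITE    - metabase path of the default Web site root (site ID 1)
rem   CONTENT - folder holding the files visitors request
rem   ANON    - default anonymous account, IUSR_<computername>
setlocal
set ADSUTIL=%SystemDrive%\Inetpub\AdminScripts\adsutil.vbs
set SITE=W3SVC/1/ROOT
set CONTENT=%SystemDrive%\Inetpub\wwwroot
set ANON=IUSR_%COMPUTERNAME%

if not exist "%ADSUTIL%" (
  echo adsutil.vbs not found, edit the ADSUTIL variable
  goto :eof
)

echo == 1. Is anonymous authentication enabled on the site?
rem Expect True. Metabase properties are inherited, so if no value is
rem set at this node, repeat the query against W3SVC/1 and then W3SVC.
cscript //nologo "%ADSUTIL%" GET %SITE%/AuthAnonymous

echo == 2. Which account does IIS use for anonymous requests?
rem If this is not the ANON value above, set ANON to match and rerun.
cscript //nologo "%ADSUTIL%" GET %SITE%/AnonymousUserName

echo == 3. Is that account enabled?
rem Anything other than Yes here means anonymous visitors cannot log on
rem as this account and will be prompted for credentials instead.
net user %ANON% | findstr /i /c:"Account active"

echo == 4. Who has access to the content folder?
rem Look for Read (R) granted to the anonymous account or to a group it
rem belongs to, and for nothing broader than the site actually needs.
cacls "%CONTENT%"

endlocal
```

Run it as an administrator on the server. It only reads settings, so it is safe to rerun after each hotfix or lockdown change to see which one altered the anonymous account.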
