Ask the Expert

How does one protect the server while allowing visitors on the website?

I am running IIS 5 on a Win2k server. I have a Web site (using the default Web site). I can't figure out how to secure the server while still allowing anonymous connections to the site. I installed the latest service pack (2) and ran the MS personal security advisor, which identified several hotfixes I should install. When I did so, the Internet user account was locked out and visitors to my site were prompted to enter a password. Obviously, that isn't going to work. The lockdown program failed to complete installation and uninstalled itself. How does one protect the server while allowing visitors on the Web site?


That's a question that deserves a very long answer. Rather than trying to write pages and pages in response, I'll refer you to Microsoft's Web site:

In general, follow these best practices:
1) Install all service packs
2) Install all hotfixes that may apply to your site
3) Install URLScan (once you understand how it works):
4) Restrict NTFS file permissions
5) Remove any unwanted application mappings

Regarding troubleshooting the problem you're having with authentication, first verify that anonymous authentication is enabled. To do this, check the Security tab of your Website's properties. If that's enabled, verify that the anonymous IIS user is enabled and has Read access to the files your users are attempting to access.

Good luck.

This was first published in October 2001
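The authentication checks described in the answer can also be run from a command prompt on the server. The batch file below is an added example, not part of the original answer; it assumes the default Web site is instance 1, that `adsutil.vbs` is in its default `Inetpub\AdminScripts` location, that content is served from `Inetpub\wwwroot`, and that the anonymous account still has its default `IUSR_<computername>` name.

```bat
@echo off
rem Added example: read-only checks for anonymous access on IIS 5.
rem Assumed paths and site number; adjust to match your server.
set ADSUTIL=%SystemDrive%\Inetpub\AdminScripts\adsutil.vbs
set SITE=W3SVC/1/Root
set CONTENT=%SystemDrive%\Inetpub\wwwroot

echo == 1. Is anonymous authentication enabled on the site? (expect True)
cscript //nologo "%ADSUTIL%" GET %SITE%/AuthAnonymous

echo == 2. Which account does IIS use for anonymous requests?
cscript //nologo "%ADSUTIL%" GET %SITE%/AnonymousUserName

echo == 3. Is that account enabled? (check the "Account active" line)
rem If step 2 printed a different name, substitute it here.
net user IUSR_%COMPUTERNAME%

echo == 4. Does that account, or a group it belongs to, have Read on the content?
rem Look for an entry granting R (Read) or higher.
cacls "%CONTENT%"
```

All four commands only display settings. If step 4 shows no Read entry that applies to the anonymous account, IIS falls back to prompting visitors for credentials, which matches the symptom in the question.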
