
How does one protect the server while allowing visitors on the website?

I am running IIS 5 on a Win2k server. I have a Web site (using the default Web site.) I can't figure out how to secure the server while still allowing anonymous connections to the site. I installed the latest service pack (2) and ran the MS personal security advisor, which identified several hotfixes I should install. When I did so, the Internet user account was locked out and visitors to my site were prompted to enter a password. Obviously, that isn't going to work. The lockdown program failed to complete installation and uninstalled itself. How does one protect the server while allowing visitors on the Web site?
That's a question that deserves a very long answer. Rather than trying to write pages and pages in response, I'll refer you to Microsoft's Web site:


In general, follow these best practices:
1) Install all service packs
2) Install all hotfixes that may apply to your site
3) Install URLScan (once you understand how it works): http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32571
4) Restrict NTFS file permissions
5) Remove any unwanted application mappings

Regarding troubleshooting the problem you're having with authentication, first verify that anonymous authentication is enabled. To do this, check the Security tab of your Website's properties. If that's enabled, verify that the anonymous IIS user is enabled and has Read access to the files your users are attempting to access.

Good luck.
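
The troubleshooting checks described in the answer can also be run from a command prompt on the server. The batch file below is an added example, not part of the original answer. It assumes the default Web site is instance 1 (`W3SVC/1`), the content is in `%SystemDrive%\Inetpub\wwwroot`, the anonymous account has the default name `IUSR_<computername>`, and `adsutil.vbs` is in its default `AdminScripts` folder.

```bat
@echo off
rem Added example: read-only checks for the anonymous-access problem.
rem Assumptions (adjust to your server): default site = W3SVC/1,
rem content root = %SystemDrive%\Inetpub\wwwroot,
rem anonymous account = IUSR_<computername>.
setlocal
set ADSUTIL=%SystemDrive%\Inetpub\AdminScripts\adsutil.vbs
set SITE=W3SVC/1/ROOT
set CONTENT=%SystemDrive%\Inetpub\wwwroot
set ANON=IUSR_%COMPUTERNAME%

echo === 1. Is anonymous authentication enabled on the site? ===
rem Expect True. False means every visitor is asked for credentials.
cscript //nologo "%ADSUTIL%" GET %SITE%/AuthAnonymous

echo === 2. Which account does IIS use for anonymous requests? ===
rem If this is not %ANON%, set ANON above to the name shown here.
cscript //nologo "%ADSUTIL%" GET %SITE%/AnonymousUserName

echo === 3. Is that account active? ===
rem "Yes" is required. "No" (disabled) or "Locked" (locked out)
rem both produce a password prompt for visitors.
net user %ANON% | findstr /C:"Account active"

echo === 4. NTFS permissions on the content folder and its files ===
rem The anonymous account, or a group it belongs to, needs Read (R).
rem It should not need Change (C) or Full Control (F) on static content.
cacls "%CONTENT%"
cacls "%CONTENT%\*.*"
endlocal
```

All four commands only read settings, so the script can be run before and after applying a hotfix or lockdown tool to see which of the three conditions changed.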
