Microsoft KB Archive/311675

= Cannot search Proxy Server 2.0 online help after the IIS Lockdown Wizard is installed =

Article ID: 311675

Article Last Modified on 6/9/2006

-

APPLIES TO


 * Microsoft BackOffice Small Business Server 4.5
 * Microsoft Proxy Server 2.0 Standard Edition

-



This article was previously published under Q311675



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. All the default security-related configuration settings in IIS 6.0 meet or exceed the security configuration settings that are made by the IIS Lockdown Tool. Therefore, you do not have to run this tool on Web servers that are running IIS 6.0. However, if you are upgrading from an earlier version of IIS, you should run the IIS Lockdown Tool before the upgrade to enhance the security of the Web server.



SYMPTOMS
When you attempt to search the online Proxy Server documentation, you may receive the following error message in your Web browser:

HTTP 404 - File not found Internet Information Services



CAUSE
The Internet Information Services (IIS) Lockdown Wizard is installed on the server. By default, the Internet Server Application Programming Interface (ISAPI) extension that allows you to search documents from a Web page is disabled after the tool is installed.



RESOLUTION
To resolve this problem, follow these steps to reenable the .idq extension for the default Web site:  Download and apply the fix that is available in the following Microsoft Knowledge Base article:

301625 MS01-044: Patch available for SSI privilege elevation vulnerability

 Open the Microsoft Management Console (MMC) that contains the IIS snap-in. Right-click the default Web site, and then click Properties. On the Home Directory tab, double-click Configuration. In the Application Mappings box, double-click .idq. Change the executable (.exe) file path to the following, and then click OK:

%systemroot%/system32/idq.dll

 Open Windows Explorer, and then browse to %systemroot%/system32.</li> Right-click Idq.dll, and then click Properties.</li> On the Security tab, add Read permissions for the Administrators group.</li></ol>

<div class="status_section">

STATUS
This behavior is by design.

<div class="moreinformation_section">

MORE INFORMATION
Because of recent attacks on the .idq extension, the IIS Lockdown Wizard remaps the application mapping for the .idq extension that uses Idq.dll to allow searching through Index Server to 404.dll.

Additional query words: iis 5

Keywords: kbprb kbpending KB311675

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.