Microsoft KB Archive/310725

= How To Run the IIS Lockdown Wizard Unattended in IIS =

Article ID: 310725

Article Last Modified on 11/21/2006

-

APPLIES TO


 * Microsoft Internet Information Server 4.0
 * Microsoft Internet Information Services 5.0
 * Microsoft Internet Information Services 5.1

-



This article was previously published under Q310725



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



IN THIS TASK

 * SUMMARY
 * Description of the Technique
 * Configure the IIS Lockdown Wizard to Run Unattended
 * REFERENCES



SUMMARY
This step-by-step article describes how to configure the Internet Information Services (IIS) Lockdown Wizard to run unattended.

back to the top

Description of the Technique
The latest version of the Internet Information Services (IIS) Lockdown Wizard provides administrators with the ability to run the wizard programmatically, allowing configuration across many servers through unattended, automated scripts.

To configure the IIS Lockdown Wizard for unattended use, you must edit the Iislockd.ini file. This file contains the [Info] section, which defines the following basic configuration information that is used by the IIS Lockdown Wizard: [Info] ServerTypesNT4=sbs4.5, exchange5.5, frontpage, proxy, staticweb, dynamicweb, other, iis_uninstalled ServerTypes=sbs2000, exchange5.5, exchange2k, sharepoint_portal, frontpage, biztalk, commerce, proxy, staticweb, dynamicweb, other, iis_uninstalled UnattendedServerType=frontpage Unattended=FALSE Undo=FALSE The following list explains the configuration information:
 * ServerTypesNT4 - Lists the available server type templates that are available for use with Microsoft Windows NT 4.0 servers.
 * ServerTypes - Lists the available server type templates that are available for use with Microsoft Windows 2000.
 * UnattendedServerType - Designates which server type template to use when you perform an unattended installation.
 * Unattended - Designates whether or not to run the wizard unattended.
 * Undo - When this option is set to TRUE, the wizard undoes previous changes made by the wizard.

The remaining portion of the Iislockd.ini file contains the various server type templates that are listed for the ServerTypeNT4 and ServerTypes variables in the [Info] section.

back to the top

Configure the IIS Lockdown Wizard to Run Unattended
 Open the Iislockd.ini file in a text editor.  In the [Info] section, configure UnattendedServerType by entering the name of the desired server template. For example, if you want to apply the dynamicweb template, the setting resembles the following: UnattendedServerType=dynamicweb   Change the Unattended setting to TRUE, as follows: Unattended=TRUE NOTE: If you want to run Iislockd.exe unattended to undo a previous run of the wizard, ensure that both Unattended and Undo are set to TRUE, as follows: Unattended=TRUE Undo=TRUE  Configure the server type template that is designated in step 2. The template configuration is denoted with square brackets around the server type name (for example, [dynamicweb]). This section contains the various feature settings for that specific server type. To turn these feature settings on or off, set them to TRUE or FALSE. Save the changes to the Iislockd.ini file. Run Iislockd.exe from the command line or by using a script.</li></ol>

Note the following:
 * The parameter for AdvancedSetup is not used and is ignored during an unattended installation.
 * The UninstallServices parameter only works on Windows 2000.

back to the top

<div class="references_section">