Microsoft KB Archive/311862

= How to Use The IIS Lockdown Tool with Small Business Server =

Article ID: 311862

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Small Business Server 2000 Standard Edition
 * Microsoft BackOffice Small Business Server 4.0
 * Microsoft BackOffice Small Business Server 4.0a
 * Microsoft BackOffice Small Business Server 4.5

-



This article was previously published under Q311862



SUMMARY
This article describes how to use the IIS Lockdown tool to secure Small Business Server. The IIS Lockdown tool is a wizard-based tool that a Small Business Server administrator can use to add security options. The IIS Lockdown tool is available for download from the following Microsoft Web site:

http://www.microsoft.com/technet/security/tools/locktool.asp



To Secure Small Business Server 4.0 and 4.5 with the IIS Lockdown Tool

 * 1) Start the wizard by running Iislockd.exe.
 * 2) After agreeing to the Wizard License Agreement, click Small Business Server for Windows NT, and then click Next.

NOTE: To view the configuration options for this selection, select the View template settings&quot; check box before clicking Next.
 * 1) Continue through the wizard, accepting the default options. A summary of the configuration changes is listed on the &quot;Ready to Apply Settings&quot; page.
 * 2) Click Next, and then click Finish to complete the wizard.

NOTE: Before you complete the wizard, you can view a report that lists the changes that you made by clicking View Report button after you apply the security settings.

Known Issues with the IIS Lockdown Tool on Small Business Server 4.0 and 4.5

 * You can no longer search Microsoft Proxy Server 2.0 documentation. The IIS Lockdown tool disables the Index Server Web interface, which prevents indexing and searching the Proxy Server documentation.
 * Microsoft Index Server sample queries return error 404. The IIS Lockdown tool removes the IISSamples virtual folder.
 * Index Server HTML Administration does not work and generates error 404. The IIS Lockdown tool removes the IISAdmin virtual folder that hosts Index Server HTML-based administration.
 * If you attempt to gain access to the Microsoft Windows NT Option Pack documentation, you receive error 404. The IIS Lockdown tool removes the IISHelp virtual folder.
 * Microsoft Internet Information Server (IIS) HTML-based administration does not work and generates error 500. The IIS Lockdown tool removes the IISAdmin virtual folder that hosts IIS HTML-based administration.

NOTE: By default, the IIS Lockdown tool does not install the URLScan tool that is included with the IIS Lockdown package. Microsoft does not recommend that you install the URLScan tool on Small Business Server 4.0 or 4.5. To determine if you have installed URLScan:
 * 1) Start Internet Service Manager by clicking Start, pointing to Programs, pointing to Windows NT 4.0 Option Pack, pointing to Microsoft Internet Information Server, and then clicking Internet Service Manager.
 * 2) Expand the list under Internet Information Server.
 * 3) Right-click the server, and then click Properties.
 * 4) Under Master Properties, click WWW Service, and then click Edit.
 * 5) Click the ISAPI Filters tab to view the list of installed filters. If URLScan is installed, URLScan appears in the Filters list.

Small Business Server 2000
To secure Small Business Server 2000 by using the IIS Lockdown tool:
 * 1) Start the wizard by running Iislockd.exe.
 * 2) After you agree to the Wizard License Agreement, click Small Business Server 2000, and then click Next.
 * 3) If you want to install the URLScan tool, click Next. For detailed information about URLScan, click Help.
 * 4) View the summary information, and then click Next.
 * 5) Click Next, and then click Finish to complete the wizard.

NOTE: Before you complete the wizard, you can view a report that lists the changes you made. To do so, click View Report after you apply the security settings.

The IIS Lockdown tool records configuration changes in the %SystemRoot%\System32\Inetsrv\Oblt-rep.log file. The tool records uninstall information in the %SystemRoot%\System32\Inetsrv\Oblt-log.log file.

NOTE: If you remove or modify the Oblt-log.log file, you can no longer undo changes that are made by the IIS Lockdown tool.

