Article ID: 832852
Article Last Modified on 3/1/2006
APPLIES TO
- Microsoft Internet Information Services 5.1
- Microsoft Internet Information Services 5.0
- Microsoft Internet Information Server 4.0
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows registry
SYMPTOMS
After you use the Undo feature of the IIS Lockdown Tool, the Microsoft Baseline Security Analyzer (MBSA) reports the following when you run the MBSA:
CAUSE
When you install the IIS Lockdown Tool, the following registry entry is created:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IIS Lockdown Wizard
However, when you rerun the Lockdown Tool to undo previous changes, this registry entry is not deleted. The MBSA checks for this registry entry as part of its scan for IIS vulnerabilities, and the MBSA bases its scan results on whether this key is present or is absent.
WORKAROUND
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
To work around this problem, after you use the undo feature of the IIS Lockdown Tool wizard, manually delete the following registry key if it exists:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IIS Lockdown Wizard
When you delete this registry key, the MBSA recognizes that the IIS Lockdown Tool settings are no longer in effect and makes a recommendation that the IIS Lockdown Tool should be run.
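The workaround above can also be carried out from a command prompt. The following script is an added example, not part of the original article or Microsoft's tooling. It assumes that reg.exe is available (built in on Windows XP, part of the Support Tools on Windows 2000) and that it runs from an administrator command prompt; the backup file name is hypothetical.

```bat
@echo off
rem Added example (not Microsoft's code): remove the stale IIS Lockdown
rem marker key after the Lockdown Tool's undo feature has been used.
setlocal
set "KEY=HKLM\SOFTWARE\Microsoft\IIS Lockdown Wizard"
rem Hypothetical backup location; change as needed.
set "BACKUP=%TEMP%\iis-lockdown-wizard-key.reg"

rem 1. "If it exists": reg query sets a non-zero errorlevel when the key is absent.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo Key not present. Nothing to delete.
    exit /b 0
)

rem 2. Back up the key before modifying the registry.
if exist "%BACKUP%" del "%BACKUP%"
reg export "%KEY%" "%BACKUP%" >nul 2>&1
if not exist "%BACKUP%" (
    echo Backup failed. Key left in place.
    exit /b 1
)

rem 3. Delete the key and everything under it without prompting.
reg delete "%KEY%" /f >nul 2>&1
if errorlevel 1 (
    echo Delete failed. Check that you are running as an administrator.
    exit /b 1
)

rem 4. Confirm the key is gone, so MBSA no longer treats the lockdown as applied.
reg query "%KEY%" >nul 2>&1
if not errorlevel 1 (
    echo Key is still present after delete.
    exit /b 1
)

echo Key removed. Backup saved to "%BACKUP%".
echo Run MBSA again to confirm that it now recommends running the IIS Lockdown Tool.
exit /b 0
```

To restore the key from the backup, import the saved .reg file with `reg import`.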
Note Microsoft strongly recommends that you install the IIS Lockdown Tool and URLScan on servers that are running Microsoft Internet Information Services (IIS).
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
REFERENCES
For more information about the IIS Lockdown Tool and about URLScan, click the following article numbers to view the articles in the Microsoft Knowledge Base:
325864 How to install and use the IIS Lockdown Wizard
317052 How to undo changes made by the IIS Lockdown Wizard
832853 The IIS metabase is restored from a backup when you rerun the Lockdown Tool to undo changes