Microsoft KB Archive/832852

From BetaArchive Wiki
Knowledge Base


MBSA detects the IIS Lockdown Tool after you use the IIS Lockdown Tool Undo feature

Article ID: 832852

Article Last Modified on 3/1/2006


APPLIES TO

  • Microsoft Internet Information Services 5.1
  • Microsoft Internet Information Services 5.0
  • Microsoft Internet Information Server 4.0


We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry


SYMPTOMS

After you use the Undo feature of the IIS Lockdown Tool, the Microsoft Baseline Security Analyzer (MBSA) reports the following when you run the MBSA:

The IIS Lockdown Tool has been run on the machine.

CAUSE

When you install the IIS Lockdown Tool, the following registry entry is created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IIS Lockdown Wizard


However, when you rerun the Lockdown Tool to undo previous changes, this registry entry is not deleted. The MBSA checks for this registry entry as part of its scan for IIS vulnerabilities, and the MBSA bases its scan results on whether this key is present or is absent.

WORKAROUND

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To work around this problem, after you use the undo feature of the IIS Lockdown Tool wizard, manually delete the following registry key if it exists:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IIS Lockdown Wizard


When you delete this registry key, the MBSA recognizes that the IIS Lockdown Tool settings are no longer in effect and makes a recommendation that the IIS Lockdown Tool should be run.

Note Microsoft strongly recommends that you install the IIS Lockdown Tool and URLScan on servers that are running Microsoft Internet Information Services (IIS).

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

REFERENCES

For more information about the IIS Lockdown Tool and about URLScan, click the following article numbers to view the articles in the Microsoft Knowledge Base:

325864 How to install and use the IIS Lockdown Wizard


317052 How to undo changes made by the IIS Lockdown Wizard


832853 The IIS metabase is restored from a backup when you rerun the Lockdown Tool to undo changes



Additional query words: lockdown tool undo iis security

Keywords: kbprb KB832852



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/832852&oldid=201754
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki