Microsoft KB Archive/840974

From BetaArchive Wiki

Article ID: 840974

Article Last Modified on 6/9/2006


APPLIES TO

  • Microsoft Internet Information Services 5.0
  • Microsoft Windows 2000 Service Pack 4


We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) 6.0 running on Microsoft Windows Server 2003. All the default security-related configuration settings in IIS 6.0 meet or exceed the security-related configuration settings that are made by the IIS Lockdown Tool. Therefore, you do not have to run this tool on Web servers that are running IIS 6.0. However, if you are upgrading from an earlier version of IIS, you should run the IIS Lockdown Tool before you upgrade. By taking this action, you enhance the security of the Web server.

For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx


SYMPTOMS

You may not be able to modify the DLL that is mapped to the .htr file name extension in Microsoft Internet Information Services (IIS) if you try to use version 2.1 of the IIS Lockdown Tool to update the script mapping.

CAUSE

The IIS Lockdown Tool searches for a script mapping that maps to the corresponding DLL to determine the script mappings to modify. The IIS Lockdown Tool searches for the script mappings that map to the Ism.dll file, and then the IIS Lockdown Tool modifies these script mappings so that the script mappings map to the 404.dll file. However, the version of IIS 5.0 that is included with Microsoft Windows 2000 Server Service Pack 4 (SP4) contains the .htr file name extension mapping that maps to the Asp.dll file. Because of this change, the IIS Lockdown Tool does not find any script mappings for the Asp.dll file. Therefore, the IIS Lockdown Tool does not modify any existing .htr file name extension mappings.

RESOLUTION

To resolve this problem, follow these steps:

  1. Click Start, and then click Run. The Run dialog box appears.
  2. In the Open box, type inetmgr, and then click OK. The Internet Information Services window appears.
  3. In the right pane, expand <Computer Name>, right-click Default Web Site, and then click Properties. The Default Web Site Properties dialog box appears.

    Note <Computer Name> is a placeholder for the name of your computer.
  4. Click the Home Directory tab, and then click Configuration. The Application Configuration dialog box appears.
  5. On the App Mappings tab, locate the Extension column, click .htr, and then click Edit. The Add/Edit Application Extension Mapping dialog box appears.
  6. In the Executable box, type the following line, and then click OK:

    <System Drive>:%windir%\system32\inetsrv\404.dll

    Note <System Drive> is a placeholder for the root drive of your computer.


MORE INFORMATION

Steps to reproduce the problem

  1. Download the IIS Lockdown Tool version 2.1. To do this, visit the following Microsoft Web site:

    http://www.microsoft.com/downloads/details.aspx?FamilyID=dde9efc0-bb30-47eb-9a61-fd755d23cdec&DisplayLang=en

  2. Save the Lockdown Tool to the desktop of your computer, and then double-click the Iislockd.exe file to install the Lockdown Tool on your computer. The Internet Information Services Lockdown Wizard dialog box appears.
  3. Click Next. The license page appears.
  4. Click I agree, and then click Next. The Select Server Template page appears.
  5. Click Other (Server that does not match any of the listed roles), and then click Next. The Internet Services page appears.
  6. Click Next. The Script Maps page appears.
  7. Click to select the .HTR Scripting check box, and then click to clear all other check boxes.
  8. Click Next. The Additional Security page appears.
  9. Click Next. The URL Scan page appears.
  10. Click to clear the Install URL Scan filter on the server check box, and then click Next. The Ready to Apply Settings page appears.
  11. Click Next, and then click Finish to finish the installation.
  12. Click Start, and then click Run. The Run dialog box appears.
  13. In the Open box, type inetmgr, and then click OK. The Internet Information Services window appears.
  14. Expand <Computer Name>, expand Web Sites, right-click Default Web Site, and then click Properties. The Default Web Site Properties dialog box appears.

    Note <Computer Name> is a placeholder for the name of your computer.
  15. Click the Home Directory tab, and then click Configuration. The Application Configuration dialog box appears.
  16. On the Mappings tab, locate the Extension column header, and then view the mapping for the file that has the .htr file name extension.


REFERENCES

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

331834 Change password functionality replaced with Active Server Pages


Keywords: kbtoolkit kbservice kbmsg kbdll kbprb KB840974



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/840974&oldid=334257
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki